[kaffe] CVS kaffe (robilad): Resynced with GNU Classpath: support for signed JARs
Kaffe CVS
cvs-commits at kaffe.org
Wed Nov 10 16:36:53 PST 2004
PatchSet 5436
Date: 2004/11/11 00:32:35
Author: robilad
Branch: HEAD
Tag: (none)
Log:
Resynced with GNU Classpath: support for signed JARs
Members:
ChangeLog:1.2983->1.2984
libraries/javalib/Makefile.am:1.261->1.262
libraries/javalib/Makefile.in:1.341->1.342
libraries/javalib/all.files:1.49->1.50
libraries/javalib/gnu/java/io/Base64InputStream.java:1.1->1.2
libraries/javalib/gnu/java/security/ber/BER.java:INITIAL->1.1
libraries/javalib/gnu/java/security/ber/BEREncodingException.java:INITIAL->1.1
libraries/javalib/gnu/java/security/ber/BERReader.java:INITIAL->1.1
libraries/javalib/gnu/java/security/ber/BERValue.java:INITIAL->1.1
libraries/javalib/gnu/java/security/der/DERReader.java:1.4->1.5
libraries/javalib/gnu/java/security/pkcs/PKCS7SignedData.java:INITIAL->1.1
libraries/javalib/gnu/java/security/pkcs/SignerInfo.java:INITIAL->1.1
libraries/javalib/java/net/URLClassLoader.java:1.18->1.19
libraries/javalib/java/util/jar/JarFile.java:1.4->1.5
libraries/javalib/java/util/zip/InflaterInputStream.java:1.13->1.14
Index: kaffe/ChangeLog
diff -u kaffe/ChangeLog:1.2983 kaffe/ChangeLog:1.2984
--- kaffe/ChangeLog:1.2983 Wed Nov 10 22:46:17 2004
+++ kaffe/ChangeLog Thu Nov 11 00:32:35 2004
@@ -7,6 +7,93 @@
2004-11-10 Dalibor Topic <robilad at kaffe.org>
+ * libraries/javalib/java/util/jar/JarFile.java (EntryInputStream): Add actual
+ JarFile as argument.
+ (getInputStream): Construct a new EntryInputStream with this JarFile.
+ (verified) New field.
+
+ * libraries/javalib/gnu/java/security/ber/BER.java,
+ libraries/javalib/gnu/java/security/ber/BEREncodingException.java,
+ libraries/javalib/gnu/java/security/ber/BERReader.java,
+ libraries/javalib/gnu/java/security/ber/BERValue.java,
+ libraries/javalib/gnu/java/security/der/DERReader.java,
+ libraries/javalib/gnu/java/security/pkcs/PKCS7SignedData.java,
+ libraries/javalib/gnu/java/security/pkcs/SignerInfo.java:
+ New files. Taken from GNU Classpath.
+
+ * libraries/javalib/Makefile.am,
+ libraries/javalib/Makefile.in,
+ libraries/javalib/all.files:
+ Regenerated.
+
+ * libraries/javalib/gnu/java/io/Base64InputStream.java,
+ libraries/javalib/java/net/URLClassLoader.java,
+ libraries/javalib/java/util/jar/JarFile.java,
+ libraries/javalib/java/util/zip/InflaterInputStream.java:
+ Resynced with GNU Classpath.
+
+ 2004-11-07 Mark Wielaard <mark at klomp.org>
+
+ * java/util/jar/JarFile.java (EntryInputStream): Add actual
+ InputStream as argument.
+ (getInputStream): Construct a new EntryInputStream with the result of
+ super.getInputStream(entry).
+
+ 2004-11-07 Casey Marshall <csm at gnu.org>
+
+ Signed JAR file support.
+ * java/net/URLClassLoader.java
+ (JarURLResource.getCertificates): re-read jar entry to ensure
+ certificates are picked up.
+ (findClass): fill in class `signers' field, too.
+ * java/util/jar/JarFile.java (META_INF): new constant.
+ (PKCS7_DSA_SUFFIX): new constant.
+ (PKCS7_RSA_SUFFIX): new constant.
+ (DIGEST_KEY_SUFFIX): new constant.
+ (SF_SUFFIX): new constant.
+ (MD2_OID): new constant.
+ (MD4_OID): new constant.
+ (MD5_OID): new constant.
+ (SHA1_OID): new constant.
+ (DSA_ENCRYPTION_OID): new constant.
+ (RSA_ENCRYPTION_OID): new constant.
+ (signaturesRead): new field.
+ (verified): new field.
+ (entryCerts): new field.
+ (DEBUG): new constant.
+ (debug): new method.
+ (JarEnumeration.nextElement): fill in entry certificates, read
+ signatures if they haven't been read.
+ (getEntry): likewise.
+ (getInputStream): verify stream if it hasn't been verified
+ yet.
+ (readSignatures): new method.
+ (verify): new method.
+ (verifyHashes): new method.
+ (readManifestEntry): new method.
+ (EntryInputStream): new class.
+ * java/util/zip/InflaterInputStream.java
+ Don't defer to underlying stream for mark/reset.
+ (markSupported): new method; return `false'.
+ (mark): new method.
+ (reset): new method.
+ * gnu/java/io/Base64InputStream.java (decode): new class
+ method.
+ * gnu/java/security/der/DERReader.java don't make class
+ final.
+ (in): made protected.
+ (encBuf): likewise.
+ (readLength): likewise.
+ * gnu/java/security/ber/BER.java,
+ * gnu/java/security/ber/BEREncodingException.java,
+ * gnu/java/security/ber/BERReader.java,
+ * gnu/java/security/ber/BERValue.java,
+ * gnu/java/security/pkcs/PKCS7SignedData.java,
+ * gnu/java/security/pkcs/SignerInfo.java:
+ new files.
+
+2004-11-10 Dalibor Topic <robilad at kaffe.org>
+
* libraries/javalib/gnu/java/security/provider/CollectionCertStoreImpl.java,
libraries/javalib/gnu/java/security/provider/EncodedKeyFactory.java,
libraries/javalib/gnu/java/security/provider/GnuDHPublicKey.java,
Index: kaffe/libraries/javalib/Makefile.am
diff -u kaffe/libraries/javalib/Makefile.am:1.261 kaffe/libraries/javalib/Makefile.am:1.262
--- kaffe/libraries/javalib/Makefile.am:1.261 Wed Nov 10 22:46:21 2004
+++ kaffe/libraries/javalib/Makefile.am Thu Nov 11 00:32:38 2004
@@ -142,7 +142,9 @@
$(gnu_java_rmi_server_SRCS) \
$(gnu_java_security_SRCS) \
$(gnu_java_security_action_SRCS) \
+ $(gnu_java_security_ber_SRCS) \
$(gnu_java_security_der_SRCS) \
+ $(gnu_java_security_pkcs_SRCS) \
$(gnu_java_security_provider_SRCS) \
$(gnu_java_security_util_SRCS) \
$(gnu_java_security_x509_SRCS) \
@@ -1295,6 +1297,11 @@
gnu/java/security/action/GetPropertyAction.java \
gnu/java/security/action/GetSecurityPropertyAction.java \
gnu/java/security/action/SetAccessibleAction.java
+gnu_java_security_ber_SRCS = \
+ gnu/java/security/ber/BER.java \
+ gnu/java/security/ber/BEREncodingException.java \
+ gnu/java/security/ber/BERReader.java \
+ gnu/java/security/ber/BERValue.java
gnu_java_security_der_SRCS = \
gnu/java/security/der/BitString.java \
gnu/java/security/der/DER.java \
@@ -1302,6 +1309,9 @@
gnu/java/security/der/DERReader.java \
gnu/java/security/der/DERValue.java \
gnu/java/security/der/DERWriter.java
+gnu_java_security_pkcs_SRCS = \
+ gnu/java/security/pkcs/PKCS7SignedData.java \
+ gnu/java/security/pkcs/SignerInfo.java
gnu_java_security_provider_SRCS = \
gnu/java/security/provider/CollectionCertStoreImpl.java \
gnu/java/security/provider/DSAKeyFactory.java \
Index: kaffe/libraries/javalib/Makefile.in
diff -u kaffe/libraries/javalib/Makefile.in:1.341 kaffe/libraries/javalib/Makefile.in:1.342
--- kaffe/libraries/javalib/Makefile.in:1.341 Wed Nov 10 22:46:21 2004
+++ kaffe/libraries/javalib/Makefile.in Thu Nov 11 00:32:39 2004
@@ -483,7 +483,9 @@
$(gnu_java_rmi_server_SRCS) \
$(gnu_java_security_SRCS) \
$(gnu_java_security_action_SRCS) \
+ $(gnu_java_security_ber_SRCS) \
$(gnu_java_security_der_SRCS) \
+ $(gnu_java_security_pkcs_SRCS) \
$(gnu_java_security_provider_SRCS) \
$(gnu_java_security_util_SRCS) \
$(gnu_java_security_x509_SRCS) \
@@ -1725,6 +1727,12 @@
gnu/java/security/action/GetSecurityPropertyAction.java \
gnu/java/security/action/SetAccessibleAction.java
+gnu_java_security_ber_SRCS = \
+ gnu/java/security/ber/BER.java \
+ gnu/java/security/ber/BEREncodingException.java \
+ gnu/java/security/ber/BERReader.java \
+ gnu/java/security/ber/BERValue.java
+
gnu_java_security_der_SRCS = \
gnu/java/security/der/BitString.java \
gnu/java/security/der/DER.java \
@@ -1732,6 +1740,10 @@
gnu/java/security/der/DERReader.java \
gnu/java/security/der/DERValue.java \
gnu/java/security/der/DERWriter.java
+
+gnu_java_security_pkcs_SRCS = \
+ gnu/java/security/pkcs/PKCS7SignedData.java \
+ gnu/java/security/pkcs/SignerInfo.java
gnu_java_security_provider_SRCS = \
gnu/java/security/provider/CollectionCertStoreImpl.java \
Index: kaffe/libraries/javalib/all.files
diff -u kaffe/libraries/javalib/all.files:1.49 kaffe/libraries/javalib/all.files:1.50
--- kaffe/libraries/javalib/all.files:1.49 Wed Nov 10 22:46:22 2004
+++ kaffe/libraries/javalib/all.files Thu Nov 11 00:32:40 2004
@@ -879,12 +879,18 @@
gnu/java/security/action/GetPropertyAction.java
gnu/java/security/action/GetSecurityPropertyAction.java
gnu/java/security/action/SetAccessibleAction.java
+gnu/java/security/ber/BER.java
+gnu/java/security/ber/BEREncodingException.java
+gnu/java/security/ber/BERReader.java
+gnu/java/security/ber/BERValue.java
gnu/java/security/der/BitString.java
gnu/java/security/der/DER.java
gnu/java/security/der/DEREncodingException.java
gnu/java/security/der/DERReader.java
gnu/java/security/der/DERValue.java
gnu/java/security/der/DERWriter.java
+gnu/java/security/pkcs/PKCS7SignedData.java
+gnu/java/security/pkcs/SignerInfo.java
gnu/java/security/provider/CollectionCertStoreImpl.java
gnu/java/security/provider/DSAKeyFactory.java
gnu/java/security/provider/DSAKeyPairGenerator.java
Index: kaffe/libraries/javalib/gnu/java/io/Base64InputStream.java
diff -u kaffe/libraries/javalib/gnu/java/io/Base64InputStream.java:1.1 kaffe/libraries/javalib/gnu/java/io/Base64InputStream.java:1.2
--- kaffe/libraries/javalib/gnu/java/io/Base64InputStream.java:1.1 Sat Sep 25 16:39:58 2004
+++ kaffe/libraries/javalib/gnu/java/io/Base64InputStream.java Thu Nov 11 00:32:40 2004
@@ -1,5 +1,5 @@
/* Base64InputStream.java -- base-64 input stream.
- Copyright (C) 2003 Free Software Foundation, Inc.
+ Copyright (C) 2003, 2004 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -38,6 +38,8 @@
package gnu.java.io;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -88,6 +90,30 @@
state = 0;
temp = 0;
eof = false;
+ }
+
+ // Class method.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Decode a single Base-64 string to a byte array.
+ *
+ * @param base64 The Base-64 encoded data.
+ * @return The decoded bytes.
+ * @throws IOException If the given data do not compose a valid Base-64
+ * sequence.
+ */
+ public static byte[] decode(String base64) throws IOException
+ {
+ Base64InputStream in =
+ new Base64InputStream(new ByteArrayInputStream(base64.getBytes()));
+ ByteArrayOutputStream out =
+ new ByteArrayOutputStream((int) (base64.length() / 0.666));
+ byte[] buf = new byte[1024];
+ int len;
+ while ((len = in.read(buf)) != -1)
+ out.write(buf, 0, len);
+ return out.toByteArray();
}
// Instance methods.
===================================================================
Checking out kaffe/libraries/javalib/gnu/java/security/ber/BER.java
RCS: /home/cvs/kaffe/kaffe/libraries/javalib/gnu/java/security/ber/BER.java,v
VERS: 1.1
***************
--- /dev/null Sun Aug 4 19:57:58 2002
+++ kaffe/libraries/javalib/gnu/java/security/ber/BER.java Thu Nov 11 00:36:52 2004
@@ -0,0 +1,46 @@
+/* BER.java -- basic encoding rules (BER) constants.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.ber;
+
+import gnu.java.security.der.DER;
+
+public interface BER extends DER
+{
+ BERValue END_OF_SEQUENCE = new BERValue(0, null);
+}
===================================================================
Checking out kaffe/libraries/javalib/gnu/java/security/ber/BEREncodingException.java
RCS: /home/cvs/kaffe/kaffe/libraries/javalib/gnu/java/security/ber/BEREncodingException.java,v
VERS: 1.1
***************
--- /dev/null Sun Aug 4 19:57:58 2002
+++ kaffe/libraries/javalib/gnu/java/security/ber/BEREncodingException.java Thu Nov 11 00:36:52 2004
@@ -0,0 +1,54 @@
+/* BEREncodingException.java --- BER Encoding Exception
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.ber;
+
+import gnu.java.security.der.DEREncodingException;
+
+public class BEREncodingException extends DEREncodingException
+{
+ public BEREncodingException()
+ {
+ super ();
+ }
+
+ public BEREncodingException (String msg)
+ {
+ super (msg);
+ }
+}
===================================================================
Checking out kaffe/libraries/javalib/gnu/java/security/ber/BERReader.java
RCS: /home/cvs/kaffe/kaffe/libraries/javalib/gnu/java/security/ber/BERReader.java,v
VERS: 1.1
***************
--- /dev/null Sun Aug 4 19:57:58 2002
+++ kaffe/libraries/javalib/gnu/java/security/ber/BERReader.java Thu Nov 11 00:36:52 2004
@@ -0,0 +1,103 @@
+/* BERReader.java -- basic encoding rules (BER) reader.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.ber;
+
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+import java.io.EOFException;
+import java.io.IOException;
+import java.io.InputStream;
+
+public class BERReader extends DERReader implements BER
+{
+
+ /**
+ * Create a new DER reader from a byte array.
+ *
+ * @param in The encoded bytes.
+ */
+ public BERReader(byte[] in)
+ {
+ super(in);
+ }
+
+ public BERReader (byte[] in, int off, int len)
+ {
+ super(in, off, len);
+ }
+
+ /**
+ * Create a new DER readed from an input stream.
+ *
+ * @param in The encoded bytes.
+ */
+ public BERReader(InputStream in)
+ {
+ super(in);
+ }
+
+ public DERValue read() throws IOException
+ {
+ in.mark(2);
+ int tag = in.read();
+ if (tag == -1)
+ throw new EOFException();
+ int length = in.read();
+ if (length == 0)
+ {
+ if (tag == 0)
+ return END_OF_SEQUENCE;
+ return new BERValue(tag, CONSTRUCTED_VALUE, new byte[] { (byte) tag, 0 });
+ }
+ else
+ {
+ in.reset();
+ return super.read();
+ }
+ }
+
+ public int peek() throws IOException
+ {
+ in.mark(1);
+ int ret = in.read();
+ in.reset();
+ return ret;
+ }
+}
===================================================================
Checking out kaffe/libraries/javalib/gnu/java/security/ber/BERValue.java
RCS: /home/cvs/kaffe/kaffe/libraries/javalib/gnu/java/security/ber/BERValue.java,v
VERS: 1.1
***************
--- /dev/null Sun Aug 4 19:57:58 2002
+++ kaffe/libraries/javalib/gnu/java/security/ber/BERValue.java Thu Nov 11 00:36:52 2004
@@ -0,0 +1,82 @@
+/* BERReader.java -- basic encoding rules (BER) value.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.ber;
+
+import gnu.java.security.der.DERValue;
+
+public class BERValue extends DERValue
+{
+
+ private boolean indefinite;
+
+ public BERValue(int tag, Object value, byte[] encoded)
+ {
+ super(tag, 0, value, encoded);
+ indefinite = true;
+ }
+
+ public BERValue(int tag, int length, Object value, byte[] encoded)
+ {
+ super(tag, length, value, encoded);
+ }
+
+ public BERValue(int tag, Object value)
+ {
+ super(tag, 0, value, null);
+ }
+
+ public static boolean isIndefinite(DERValue value)
+ {
+ if (value instanceof BERValue)
+ return ((BERValue) value).getIndefinite();
+ return false;
+ }
+
+ public boolean getIndefinite()
+ {
+ return indefinite;
+ }
+
+ public int getLength()
+ {
+ if (indefinite)
+ return 0;
+ return super.getLength();
+ }
+}
Index: kaffe/libraries/javalib/gnu/java/security/der/DERReader.java
diff -u kaffe/libraries/javalib/gnu/java/security/der/DERReader.java:1.4 kaffe/libraries/javalib/gnu/java/security/der/DERReader.java:1.5
--- kaffe/libraries/javalib/gnu/java/security/der/DERReader.java:1.4 Wed Nov 10 22:46:22 2004
+++ kaffe/libraries/javalib/gnu/java/security/der/DERReader.java Thu Nov 11 00:32:41 2004
@@ -62,15 +62,15 @@
*
* @author Casey Marshall (csm at gnu.org)
*/
-public final class DERReader implements DER
+public class DERReader implements DER
{
// Fields.
// ------------------------------------------------------------------------
- private InputStream in;
+ protected InputStream in;
- private final ByteArrayOutputStream encBuf;
+ protected final ByteArrayOutputStream encBuf;
// Constructor.
// ------------------------------------------------------------------------
@@ -185,6 +185,26 @@
return value;
}
+ protected int readLength() throws IOException
+ {
+ int i = in.read();
+ if (i == -1)
+ throw new EOFException();
+ encBuf.write(i);
+ if ((i & ~0x7F) == 0)
+ {
+ return i;
+ }
+ else if (i < 0xFF)
+ {
+ byte[] octets = new byte[i & 0x7F];
+ in.read(octets);
+ encBuf.write(octets);
+ return new BigInteger(1, octets).intValue();
+ }
+ throw new DEREncodingException();
+ }
+
// Own methods.
// ------------------------------------------------------------------------
@@ -234,26 +254,6 @@
default:
throw new DEREncodingException("unknown tag " + tag);
}
- }
-
- private int readLength() throws IOException
- {
- int i = in.read();
- if (i == -1)
- throw new EOFException();
- encBuf.write(i);
- if ((i & ~0x7F) == 0)
- {
- return i;
- }
- else if (i < 0xFF)
- {
- byte[] octets = new byte[i & 0x7F];
- in.read(octets);
- encBuf.write(octets);
- return new BigInteger(1, octets).intValue();
- }
- throw new DEREncodingException();
}
private static String makeString(int tag, byte[] value)
===================================================================
Checking out kaffe/libraries/javalib/gnu/java/security/pkcs/PKCS7SignedData.java
RCS: /home/cvs/kaffe/kaffe/libraries/javalib/gnu/java/security/pkcs/PKCS7SignedData.java,v
VERS: 1.1
***************
--- /dev/null Sun Aug 4 19:57:58 2002
+++ kaffe/libraries/javalib/gnu/java/security/pkcs/PKCS7SignedData.java Thu Nov 11 00:36:52 2004
@@ -0,0 +1,363 @@
+/* PKCS7SignedData.java -- reader for PKCS#7 signedData objects.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+This program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.pkcs;
+
+import gnu.java.security.OID;
+import gnu.java.security.ber.BER;
+import gnu.java.security.ber.BEREncodingException;
+import gnu.java.security.ber.BERReader;
+import gnu.java.security.ber.BERValue;
+import gnu.java.security.der.DERValue;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import java.math.BigInteger;
+
+import java.security.cert.CRL;
+import java.security.cert.CRLException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * The SignedData object in PKCS #7. This is a read-only implementation of
+ * this format, and is used to provide signed Jar file support.
+ *
+ * @author Casey Marshall (csm at gnu.org)
+ */
+public class PKCS7SignedData
+{
+
+ public static final OID PKCS7_DATA = new OID("1.2.840.113549.1.7.1");
+ public static final OID PKCS7_SIGNED_DATA = new OID("1.2.840.113549.1.7.2");
+
+ private BigInteger version;
+ private Set digestAlgorithms;
+ private OID contentType;
+ private byte[] content;
+ private Certificate[] certificates;
+ private CRL[] crls;
+ private Set signerInfos;
+
+ private static final boolean DEBUG = false;
+ private static void debug(String msg)
+ {
+ System.err.print("PKCS7SignedData >> ");
+ System.err.println(msg);
+ }
+
+ public PKCS7SignedData(InputStream in)
+ throws CRLException, CertificateException, IOException
+ {
+ this(new BERReader(in));
+ }
+
+ /**
+ * Parse an encoded PKCS#7 SignedData object. The ASN.1 format of this
+ * object is:
+ *
+ * <pre>
+ * SignedData ::= SEQUENCE {
+ * version Version,
+ * digestAlgorithms DigestAlgorithmIdentifiers,
+ * contentInfo ContentInfo,
+ * certificates
+ * [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL,
+ * crls
+ * [1] IMPLICIT CertificateRevocationLists OPTIONAL,
+ * signerInfos SignerInfos }
+ *
+ * Version ::= INTEGER
+ *
+ * DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
+ *
+ * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+ *
+ * ContentInfo ::= SEQUENCE {
+ * contentType ContentType,
+ * content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
+ *
+ * ContentType ::= OBJECT IDENTIFIER
+ *
+ * ExtendedCertificatesAndCertificates ::=
+ * SET OF ExtendedCertificatesAndCertificate
+ *
+ * ExtendedCertificatesAndCertificate ::= CHOICE {
+ * certificate Certificate, -- from X.509
+ * extendedCertificate [0] IMPLICIT ExtendedCertificate }
+ *
+ * CertificateRevocationLists ::= SET OF CertificateRevocationList
+ * -- from X.509
+ *
+ * SignerInfos ::= SET OF SignerInfo
+ *
+ * SignerInfo ::= SEQUENCE {
+ * version Version,
+ * issuerAndSerialNumber IssuerAndSerialNumber,
+ * digestAlgorithm DigestAlgorithmIdentifier,
+ * authenticatedAttributes
+ * [0] IMPLICIT Attributes OPTIONAL,
+ * digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
+ * encryptedDigest EncryptedDigest,
+ * unauthenticatedAttributes
+ * [1] IMPLICIT Attributes OPTIONAL }
+ *
+ * EncryptedDigest ::= OCTET STRING
+ * </pre>
+ *
+ * <p>(Readers who are confused as to why it takes 40 levels of indirection
+ * to specify "data with a signature", rest assured that the present author
+ * is as confused as you are).</p>
+ */
+ public PKCS7SignedData(BERReader ber)
+ throws CRLException, CertificateException, IOException
+ {
+ CertificateFactory x509 = CertificateFactory.getInstance("X509");
+ DERValue val = ber.read();
+ if (!val.isConstructed())
+ throw new BEREncodingException("malformed ContentInfo");
+
+ val = ber.read();
+ if (val.getTag() != BER.OBJECT_IDENTIFIER)
+ throw new BEREncodingException("malformed ContentType");
+
+ if (!PKCS7_SIGNED_DATA.equals(val.getValue()))
+ throw new BEREncodingException("content is not SignedData");
+
+ val = ber.read();
+ if (val.getTag() != 0)
+ throw new BEREncodingException("malformed Content");
+
+ val = ber.read();
+ if (!val.isConstructed())
+ throw new BEREncodingException("malformed SignedData");
+
+ if (DEBUG)
+ debug("SignedData: " + val);
+
+ val = ber.read();
+ if (val.getTag() != BER.INTEGER)
+ throw new BEREncodingException("expecting Version");
+ version = (BigInteger) val.getValue();
+
+ if (DEBUG)
+ debug(" Version: " + version);
+
+ digestAlgorithms = new HashSet();
+ val = ber.read();
+ if (!val.isConstructed())
+ throw new BEREncodingException("malformed DigestAlgorithmIdentifiers");
+ if (DEBUG)
+ debug(" DigestAlgorithmIdentifiers: " + val);
+ int count = 0;
+ DERValue val2 = ber.read();
+ while (val2 != BER.END_OF_SEQUENCE &&
+ (val.getLength() > 0 && val.getLength() > count))
+ {
+ if (!val2.isConstructed())
+ throw new BEREncodingException("malformed AlgorithmIdentifier");
+ if (DEBUG)
+ debug(" AlgorithmIdentifier: " + val2);
+ count += val2.getEncodedLength();
+ val2 = ber.read();
+ if (val2.getTag() != BER.OBJECT_IDENTIFIER)
+ throw new BEREncodingException("malformed AlgorithmIdentifier");
+ if (DEBUG)
+ debug(" ID: " + val2.getValue());
+ List algId = new ArrayList(2);
+ algId.add(val2.getValue());
+ val2 = ber.read();
+ if (val2 != BER.END_OF_SEQUENCE)
+ {
+ count += val2.getEncodedLength();
+ if (val2.getTag() == BER.NULL)
+ algId.add(null);
+ else
+ algId.add(val2.getEncoded());
+ if (DEBUG)
+ debug(" params: " + new BigInteger(1, val2.getEncoded()).toString(16));
+ if (val2.isConstructed())
+ ber.skip(val2.getLength());
+ if (BERValue.isIndefinite(val))
+ val2 = ber.read();
+ }
+ else
+ algId.add(null);
+ digestAlgorithms.add(algId);
+ }
+
+ val = ber.read();
+ if (!val.isConstructed())
+ throw new BEREncodingException("malformed ContentInfo");
+ if (DEBUG)
+ debug(" ContentInfo: " + val);
+ val2 = ber.read();
+ if (val2.getTag() != BER.OBJECT_IDENTIFIER)
+ throw new BEREncodingException("malformed ContentType");
+ contentType = (OID) val2.getValue();
+ if (DEBUG)
+ debug(" ContentType: " + contentType);
+ if (BERValue.isIndefinite(val)
+ || (val.getLength() > 0 && val.getLength() > val2.getEncodedLength()))
+ {
+ val2 = ber.read();
+ if (val2 != BER.END_OF_SEQUENCE)
+ {
+ content = val2.getEncoded();
+ if (BERValue.isIndefinite(val))
+ val2 = ber.read();
+ if (DEBUG)
+ debug(" Content: " + new BigInteger(1, content).toString(16));
+ }
+ }
+
+ val = ber.read();
+ if (val.getTag() == 0)
+ {
+ if (!val.isConstructed())
+ throw new BEREncodingException("malformed ExtendedCertificatesAndCertificates");
+ if (DEBUG)
+ debug(" ExtendedCertificatesAndCertificates: " + val);
+ count = 0;
+ val2 = ber.read();
+ List certs = new LinkedList();
+ while (val2 != BER.END_OF_SEQUENCE &&
+ (val.getLength() > 0 && val.getLength() > count))
+ {
+ Certificate cert =
+ x509.generateCertificate(new ByteArrayInputStream(val2.getEncoded()));
+ if (DEBUG)
+ debug(" Certificate: " + cert);
+ certs.add(cert);
+ count += val2.getEncodedLength();
+ ber.skip(val2.getLength());
+ if (BERValue.isIndefinite(val) || val.getLength() > count)
+ val2 = ber.read();
+ }
+ certificates = (Certificate[]) certs.toArray(new Certificate[certs.size()]);
+ val = ber.read();
+ }
+
+ if (val.getTag() == 1)
+ {
+ if (!val.isConstructed())
+ throw new BEREncodingException("malformed CertificateRevocationLists");
+ if (DEBUG)
+ debug(" CertificateRevocationLists: " + val);
+ count = 0;
+ val2 = ber.read();
+ List crls = new LinkedList();
+ while (val2 != BER.END_OF_SEQUENCE &&
+ (val.getLength() > 0 && val.getLength() > count))
+ {
+ CRL crl = x509.generateCRL(new ByteArrayInputStream(val2.getEncoded()));
+ if (DEBUG)
+ debug (" CRL: " + crl);
+ crls.add(crl);
+ count += val2.getEncodedLength();
+ ber.skip(val2.getLength());
+ if (BERValue.isIndefinite(val) || val.getLength() > count)
+ val2 = ber.read();
+ }
+ this.crls = (CRL[]) crls.toArray(new CRL[crls.size()]);
+ val = ber.read();
+ }
+
+ signerInfos = new HashSet();
+ if (!val.isConstructed())
+ throw new BEREncodingException("malformed SignerInfos");
+
+ if (DEBUG)
+ debug(" SignerInfos: " + val);
+
+ // FIXME read this more carefully.
+ // Since we are just reading a file (probably) we just read until we
+ // reach the end.
+ while (true)
+ {
+ int i = ber.peek();
+ if (i == 0 || i == -1)
+ break;
+ signerInfos.add(new SignerInfo(ber));
+ }
+ }
*** Patch too long, truncated ***
More information about the kaffe
mailing list