+2004-09-21 Andreas Tobler <a.tobler@schweiz.ch>
+
+ Import the big Crypto/Jessie/Security merge from Classpath.
+
+ * Makefile.am: Add imported files.
+ * Makefile.in: Regenerate.
+
+ 2004-08-14 Casey Marshall <csm@gnu.org>
+
+ The Big Crypto Merge of 2004.
+
+ * javax/security/auth/x500/X500Principal.java: Replaced with GNU
+ Crypto's version.
+
+ Files imported from GNU Crypto.
+ * javax/crypto/BadPaddingException.java
+ * javax/crypto/Cipher.java
+ * javax/crypto/CipherInputStream.java
+ * javax/crypto/CipherOutputStream.java
+ * javax/crypto/CipherSpi.java
+ * javax/crypto/EncryptedPrivateKeyInfo.java
+ * javax/crypto/ExemptionMechanism.java
+ * javax/crypto/ExemptionMechanismException.java
+ * javax/crypto/ExemptionMechanismSpi.java
+ * javax/crypto/IllegalBlockSizeException.java
+ * javax/crypto/KeyAgreement.java
+ * javax/crypto/KeyAgreementSpi.java
+ * javax/crypto/KeyGenerator.java
+ * javax/crypto/KeyGeneratorSpi.java
+ * javax/crypto/Mac.java
+ * javax/crypto/MacSpi.java
+ * javax/crypto/Makefile.am
+ * javax/crypto/NoSuchPaddingException.java
+ * javax/crypto/NullCipher.java
+ * javax/crypto/NullCipherImpl.java
+ * javax/crypto/SealedObject.java
+ * javax/crypto/SecretKey.java
+ * javax/crypto/SecretKeyFactory.java
+ * javax/crypto/SecretKeyFactorySpi.java
+ * javax/crypto/ShortBufferException.java
+ * javax/crypto/interfaces/DHKey.java
+ * javax/crypto/interfaces/DHPrivateKey.java
+ * javax/crypto/interfaces/DHPublicKey.java
+ * javax/crypto/interfaces/PBEKey.java
+ * javax/crypto/spec/DESKeySpec.java
+ * javax/crypto/spec/DESedeKeySpec.java
+ * javax/crypto/spec/DHGenParameterSpec.java
+ * javax/crypto/spec/DHParameterSpec.java
+ * javax/crypto/spec/DHPrivateKeySpec.java
+ * javax/crypto/spec/DHPublicKeySpec.java
+ * javax/crypto/spec/IvParameterSpec.java
+ * javax/crypto/spec/PBEKeySpec.java
+ * javax/crypto/spec/PBEParameterSpec.java
+ * javax/crypto/spec/RC2ParameterSpec.java
+ * javax/crypto/spec/RC5ParameterSpec.java
+ * javax/crypto/spec/SecretKeySpec.java
+ * javax/security/auth/AuthPermission.java
+ * javax/security/auth/DestroyFailedException.java
+ * javax/security/auth/Destroyable.java
+ * javax/security/auth/Policy.java
+ * javax/security/auth/PrivateCredentialPermission.java
+ * javax/security/auth/RefreshFailedException.java
+ * javax/security/auth/Refreshable.java
+ * javax/security/auth/Subject.java
+ * javax/security/auth/SubjectDomainCombiner.java
+ * javax/security/auth/callback/Callback.java
+ * javax/security/auth/callback/CallbackHandler.java
+ * javax/security/auth/callback/ChoiceCallback.java
+ * javax/security/auth/callback/ConfirmationCallback.java
+ * javax/security/auth/callback/LanguageCallback.java
+ * javax/security/auth/callback/NameCallback.java
+ * javax/security/auth/callback/PasswordCallback.java
+ * javax/security/auth/callback/TextInputCallback.java
+ * javax/security/auth/callback/TextOutputCallback.java
+ * javax/security/auth/callback/UnsupportedCallbackException.java
+ * javax/security/auth/login/AccountExpiredException.java
+ * javax/security/auth/login/AppConfigurationEntry.java
+ * javax/security/auth/login/Configuration.java
+ * javax/security/auth/login/CredentialExpiredException.java
+ * javax/security/auth/login/FailedLoginException.java
+ * javax/security/auth/login/LoginContext.java
+ * javax/security/auth/login/LoginException.java
+ * javax/security/auth/login/NullConfiguration.java
+ * javax/security/auth/x500/X500PrivateCredential.java
+ * javax/security/sasl/AuthenticationException.java
+ * javax/security/sasl/AuthorizeCallback.java
+ * javax/security/sasl/RealmCallback.java
+ * javax/security/sasl/RealmChoiceCallback.java
+ * javax/security/sasl/Sasl.java
+ * javax/security/sasl/SaslClient.java
+ * javax/security/sasl/SaslClientFactory.java
+ * javax/security/sasl/SaslException.java
+ * javax/security/sasl/SaslServer.java
+ * javax/security/sasl/SaslServerFactory.java
+ * org/ietf/jgss/ChannelBinding.java
+ * org/ietf/jgss/GSSContext.java
+ * org/ietf/jgss/GSSCredential.java
+ * org/ietf/jgss/GSSException.java
+ * org/ietf/jgss/GSSManager.java
+ * org/ietf/jgss/GSSName.java
+ * org/ietf/jgss/MessageProp.java
+ * org/ietf/jgss/Oid.java
+ * org/ietf/jgss/MessagesBundle.properties
+
+ Files imported from Jessie <http://www.nongnu.org/jessie/>
+ * javax/net/ServerSocketFactory.java
+ * javax/net/SocketFactory.java
+ * javax/net/VanillaServerSocketFactory.java
+ * javax/net/VanillaSocketFactory.java
+ * javax/net/ssl/HandshakeCompletedEvent.java
+ * javax/net/ssl/HandshakeCompletedListener.java
+ * javax/net/ssl/HostnameVerifier.java
+ * javax/net/ssl/HttpsURLConnection.java
+ * javax/net/ssl/KeyManager.java
+ * javax/net/ssl/KeyManagerFactory.java
+ * javax/net/ssl/KeyManagerFactorySpi.java
+ * javax/net/ssl/ManagerFactoryParameters.java
+ * javax/net/ssl/SSLContext.java
+ * javax/net/ssl/SSLContextSpi.java
+ * javax/net/ssl/SSLException.java
+ * javax/net/ssl/SSLHandshakeException.java
+ * javax/net/ssl/SSLKeyException.java
+ * javax/net/ssl/SSLPeerUnverifiedException.java
+ * javax/net/ssl/SSLPermission.java
+ * javax/net/ssl/SSLProtocolException.java
+ * javax/net/ssl/SSLServerSocket.java
+ * javax/net/ssl/SSLServerSocketFactory.java
+ * javax/net/ssl/SSLSession.java
+ * javax/net/ssl/SSLSessionBindingEvent.java
+ * javax/net/ssl/SSLSessionBindingListener.java
+ * javax/net/ssl/SSLSessionContext.java
+ * javax/net/ssl/SSLSocket.java
+ * javax/net/ssl/SSLSocketFactory.java
+ * javax/net/ssl/TrivialHostnameVerifier.java
+ * javax/net/ssl/TrustManager.java
+ * javax/net/ssl/TrustManagerFactory.java
+ * javax/net/ssl/TrustManagerFactorySpi.java
+ * javax/net/ssl/X509KeyManager.java
+ * javax/net/ssl/X509TrustManager.java
+ * javax/security/cert/Certificate.java
+ * javax/security/cert/CertificateEncodingException.java
+ * javax/security/cert/CertificateException.java
+ * javax/security/cert/CertificateExpiredException.java
+ * javax/security/cert/CertificateNotYetValidException.java
+ * javax/security/cert/CertificateParsingException.java
+ * javax/security/cert/X509CertBridge.java
+ * javax/security/cert/X509Certificate.java
+
+ 2004-08-20 Casey Marshall <csm@gnu.org>
+
+ * java/security/cert/X509CRLSelector.java: New file.
+ * java/security/cert/X509CertSelector.java: New file.
+
2004-09-15 Michael Koch <konqueror@gmx.de>
* gnu/java/net/protocol/file/Handler.java
cond_gtk_ltlibrary =
endif
-toolexeclib_LTLIBRARIES = libgcj.la libgij.la lib-org-xml-sax.la lib-org-w3c-dom.la \
+toolexeclib_LTLIBRARIES = libgcj.la libgij.la lib-org-xml-sax.la \
+ lib-org-w3c-dom.la lib-org-ietf-jgss.la \
$(cond_gtk_ltlibrary) $(cond_xlib_ltlibrary)
toolexecmainlib_DATA = libgcj.spec
-version-info `grep -v '^\#' $(srcdir)/libtool-version`
lib_gnu_java_awt_peer_gtk_la_LINK = $(LIBLINK)
+lib_org_ietf_jgss_la_SOURCES = \
+org/ietf/jgss/ChannelBinding.java \
+org/ietf/jgss/GSSContext.java \
+org/ietf/jgss/GSSCredential.java \
+org/ietf/jgss/GSSException.java \
+org/ietf/jgss/GSSManager.java \
+org/ietf/jgss/GSSName.java \
+org/ietf/jgss/MessageProp.java \
+org/ietf/jgss/Oid.java
+
+lib_org_ietf_jgss_la_DEPENDENCIES= $(jgss_propertyo_files)
+## See jv_convert_LDADD.
+lib_org_ietf_jgss_la_LIBADD = -L$(here)/.libs $(jgss_propertyo_files)
+
+## The mysterious backslash in the grep pattern is consumed by make.
+lib_org_ietf_jgss_la_LDFLAGS = -rpath $(toolexeclibdir) \
+ -version-info `grep -v '^\#' $(srcdir)/libtool-version`
+
lib_org_w3c_dom_la_SOURCES = org/w3c/dom/Attr.java \
org/w3c/dom/CDATASection.java \
org/w3c/dom/CharacterData.java \
all_java_source_files = \
$(java_source_files) \
$(built_java_source_files) \
+ $(lib_org_ietf_jgss_la_SOURCES) \
$(lib_org_xml_sax_la_SOURCES) \
$(lib_org_w3c_dom_la_SOURCES) \
$(gtk_awt_peer_sources) \
## Build property files into the library.
property_files = \
gnu/regexp/MessagesBundle.properties \
-gnu/regexp/MessagesBundle_fr.properties
+gnu/regexp/MessagesBundle_fr.properties
propertyo_files = $(property_files:.properties=.properties.lo)
+%.properties.lo: %.properties
+ $(LTGCJCOMPILE) -o $@ -c $< -Wc,--resource,`echo $@ | sed "s/\.lo$$//"`
+
+## Build property files into the lib-org-ietf-jgss library.
+jgss_property_files = \
+org/ietf/jgss/MessagesBundle.properties
+
+jgss_propertyo_files = $(jgss_property_files:.properties=.properties.lo)
+
%.properties.lo: %.properties
$(LTGCJCOMPILE) -o $@ -c $< -Wc,--resource,`echo $@ | sed "s/\.lo$$//"`
## Note: we omit StackTrace here, since it has an explicit rule a bit
## later, and GNU make will warn in this case.
-$(filter-out gnu/gcj/runtime/StackTrace.lo, $(javao_files)) $(xlib_javao_files) $(lib_org_w3c_dom_la_OBJECTS) $(lib_org_xml_sax_la_OBJECTS): %.lo: %.java
+$(filter-out gnu/gcj/runtime/StackTrace.lo, $(javao_files)) $(xlib_javao_files) $(lib_org_w3c_dom_la_OBJECTS) $(lib_org_xml_sax_la_OBJECTS) $(lib_org_ietf_jgss_la_OBJECTS): %.lo: %.java
$(LTGCJCOMPILE) -o $@ -c $<
$(gtk_awt_peer_sources:.java=.lo): %.lo: %.java
javax/accessibility/AccessibleTableModelChange.java \
javax/accessibility/AccessibleText.java \
javax/accessibility/AccessibleValue.java \
+javax/crypto/BadPaddingException.java \
+javax/crypto/Cipher.java \
+javax/crypto/CipherInputStream.java \
+javax/crypto/CipherOutputStream.java \
+javax/crypto/CipherSpi.java \
+javax/crypto/EncryptedPrivateKeyInfo.java \
+javax/crypto/KeyGeneratorSpi.java \
+javax/crypto/ExemptionMechanism.java \
+javax/crypto/ExemptionMechanismException.java \
+javax/crypto/ExemptionMechanismSpi.java \
+javax/crypto/IllegalBlockSizeException.java \
+javax/crypto/KeyAgreement.java \
+javax/crypto/KeyAgreementSpi.java \
+javax/crypto/KeyGenerator.java \
+javax/crypto/Mac.java \
+javax/crypto/MacSpi.java \
+javax/crypto/NoSuchPaddingException.java \
+javax/crypto/NullCipher.java \
+javax/crypto/NullCipherImpl.java \
+javax/crypto/SealedObject.java \
+javax/crypto/SecretKey.java \
+javax/crypto/SecretKeyFactory.java \
+javax/crypto/SecretKeyFactorySpi.java \
+javax/crypto/ShortBufferException.java \
+javax/crypto/interfaces/DHKey.java \
+javax/crypto/interfaces/DHPrivateKey.java \
+javax/crypto/interfaces/DHPublicKey.java \
+javax/crypto/interfaces/PBEKey.java \
+javax/crypto/spec/DESKeySpec.java \
+javax/crypto/spec/DESedeKeySpec.java \
+javax/crypto/spec/DHGenParameterSpec.java \
+javax/crypto/spec/DHParameterSpec.java \
+javax/crypto/spec/DHPrivateKeySpec.java \
+javax/crypto/spec/DHPublicKeySpec.java \
+javax/crypto/spec/IvParameterSpec.java \
+javax/crypto/spec/PBEKeySpec.java \
+javax/crypto/spec/PBEParameterSpec.java \
+javax/crypto/spec/RC2ParameterSpec.java \
+javax/crypto/spec/RC5ParameterSpec.java \
+javax/crypto/spec/SecretKeySpec.java \
javax/imageio/IIOException.java \
javax/imageio/ImageReader.java \
javax/imageio/ImageTranscoder.java \
javax/naming/ldap/UnsolicitedNotificationEvent.java \
javax/naming/ldap/UnsolicitedNotificationListener.java \
javax/naming/OperationNotSupportedException.java \
+javax/net/ServerSocketFactory.java \
+javax/net/SocketFactory.java \
+javax/net/ssl/HandshakeCompletedEvent.java \
+javax/net/ssl/HandshakeCompletedListener.java \
+javax/net/ssl/HostnameVerifier.java \
+javax/net/ssl/HttpsURLConnection.java \
+javax/net/ssl/KeyManager.java \
+javax/net/ssl/KeyManagerFactory.java \
+javax/net/ssl/KeyManagerFactorySpi.java \
+javax/net/ssl/ManagerFactoryParameters.java \
+javax/net/ssl/SSLProtocolException.java \
+javax/net/ssl/SSLContext.java \
+javax/net/ssl/SSLContextSpi.java \
+javax/net/ssl/SSLException.java \
+javax/net/ssl/SSLHandshakeException.java \
+javax/net/ssl/SSLKeyException.java \
+javax/net/ssl/SSLPeerUnverifiedException.java \
+javax/net/ssl/SSLPermission.java \
+javax/net/ssl/SSLServerSocket.java \
+javax/net/ssl/SSLServerSocketFactory.java \
+javax/net/ssl/SSLSession.java \
+javax/net/ssl/SSLSessionBindingEvent.java \
+javax/net/ssl/SSLSessionBindingListener.java \
+javax/net/ssl/SSLSessionContext.java \
+javax/net/ssl/SSLSocket.java \
+javax/net/ssl/SSLSocketFactory.java \
+javax/net/ssl/TrivialHostnameVerifier.java \
+javax/net/ssl/TrustManager.java \
+javax/net/ssl/TrustManagerFactory.java \
+javax/net/ssl/TrustManagerFactorySpi.java \
+javax/net/ssl/X509KeyManager.java \
+javax/net/ssl/X509TrustManager.java \
+javax/net/VanillaSocketFactory.java \
+javax/net/VanillaServerSocketFactory.java \
javax/print/AttributeException.java \
javax/print/CancelablePrintJob.java \
javax/print/Doc.java \
javax/print/event/PrintJobListener.java \
javax/print/event/PrintServiceAttributeEvent.java \
javax/print/event/PrintServiceAttributeListener.java \
+javax/security/auth/AuthPermission.java \
+javax/security/auth/Destroyable.java \
+javax/security/auth/DestroyFailedException.java \
+javax/security/auth/login/AccountExpiredException.java \
+javax/security/auth/login/AppConfigurationEntry.java \
+javax/security/auth/login/Configuration.java \
+javax/security/auth/login/CredentialExpiredException.java \
+javax/security/auth/login/FailedLoginException.java \
+javax/security/auth/login/LoginContext.java \
+javax/security/auth/login/LoginException.java \
+javax/security/auth/login/NullConfiguration.java \
+javax/security/auth/Policy.java \
+javax/security/auth/PrivateCredentialPermission.java \
+javax/security/auth/Refreshable.java \
+javax/security/auth/RefreshFailedException.java \
+javax/security/auth/Subject.java \
+javax/security/auth/SubjectDomainCombiner.java \
javax/security/auth/x500/X500Principal.java \
+javax/security/auth/x500/X500PrivateCredential.java \
+javax/security/auth/callback/Callback.java \
+javax/security/auth/callback/CallbackHandler.java \
+javax/security/auth/callback/ChoiceCallback.java \
+javax/security/auth/callback/ConfirmationCallback.java \
+javax/security/auth/callback/LanguageCallback.java \
+javax/security/auth/callback/NameCallback.java \
+javax/security/auth/callback/PasswordCallback.java \
+javax/security/auth/callback/TextInputCallback.java \
+javax/security/auth/callback/TextOutputCallback.java \
+javax/security/auth/callback/UnsupportedCallbackException.java \
+javax/security/cert/Certificate.java \
+javax/security/cert/CertificateEncodingException.java \
+javax/security/cert/CertificateException.java \
+javax/security/cert/CertificateExpiredException.java \
+javax/security/cert/CertificateNotYetValidException.java \
+javax/security/cert/CertificateParsingException.java \
+javax/security/cert/X509CertBridge.java \
+javax/security/cert/X509Certificate.java \
+javax/security/sasl/AuthenticationException.java \
+javax/security/sasl/AuthorizeCallback.java \
+javax/security/sasl/RealmCallback.java \
+javax/security/sasl/RealmChoiceCallback.java \
+javax/security/sasl/Sasl.java \
+javax/security/sasl/SaslClient.java \
+javax/security/sasl/SaslClientFactory.java \
+javax/security/sasl/SaslException.java \
+javax/security/sasl/SaslServer.java \
+javax/security/sasl/SaslServerFactory.java \
javax/sql/ConnectionEvent.java \
javax/sql/ConnectionEventListener.java \
javax/sql/ConnectionPoolDataSource.java \
java/security/cert/TrustAnchor.java \
java/security/cert/X509CRL.java \
java/security/cert/X509CRLEntry.java \
+java/security/cert/X509CRLSelector.java \
java/security/cert/X509Certificate.java \
+java/security/cert/X509CertSelector.java \
java/security/cert/X509Extension.java \
java/security/interfaces/DSAKey.java \
java/security/interfaces/DSAKeyPairGenerator.java \
-SOURCES = $(lib_gnu_awt_xlib_la_SOURCES) $(lib_gnu_java_awt_peer_gtk_la_SOURCES) $(lib_org_w3c_dom_la_SOURCES) $(lib_org_xml_sax_la_SOURCES) $(libgcj_la_SOURCES) $(libgij_la_SOURCES) $(gen_from_JIS_SOURCES) $(gij_SOURCES) $(grmic_SOURCES) $(grmiregistry_SOURCES) $(jv_convert_SOURCES)
+SOURCES = $(lib_gnu_awt_xlib_la_SOURCES) $(lib_gnu_java_awt_peer_gtk_la_SOURCES) $(lib_org_ietf_jgss_la_SOURCES) $(lib_org_w3c_dom_la_SOURCES) $(lib_org_xml_sax_la_SOURCES) $(libgcj_la_SOURCES) $(libgij_la_SOURCES) $(gen_from_JIS_SOURCES) $(gij_SOURCES) $(grmic_SOURCES) $(grmiregistry_SOURCES) $(jv_convert_SOURCES)
srcdir = @srcdir@
top_srcdir = @top_srcdir@
$(am_lib_gnu_java_awt_peer_gtk_la_OBJECTS)
@GTK_AWT_TRUE@am_lib_gnu_java_awt_peer_gtk_la_rpath = -rpath \
@GTK_AWT_TRUE@ $(toolexeclibdir)
+am__DEPENDENCIES_2 = org/ietf/jgss/MessagesBundle.properties.lo
+am__DEPENDENCIES_3 = $(am__DEPENDENCIES_2)
+am_lib_org_ietf_jgss_la_OBJECTS = org/ietf/jgss/ChannelBinding.lo \
+ org/ietf/jgss/GSSContext.lo org/ietf/jgss/GSSCredential.lo \
+ org/ietf/jgss/GSSException.lo org/ietf/jgss/GSSManager.lo \
+ org/ietf/jgss/GSSName.lo org/ietf/jgss/MessageProp.lo \
+ org/ietf/jgss/Oid.lo
+lib_org_ietf_jgss_la_OBJECTS = $(am_lib_org_ietf_jgss_la_OBJECTS)
lib_org_w3c_dom_la_DEPENDENCIES = libgcj.la
am_lib_org_w3c_dom_la_OBJECTS = org/w3c/dom/Attr.lo \
org/w3c/dom/CDATASection.lo org/w3c/dom/CharacterData.lo \
org/xml/sax/SAXParseException.lo org/xml/sax/XMLFilter.lo \
org/xml/sax/XMLReader.lo
lib_org_xml_sax_la_OBJECTS = $(am_lib_org_xml_sax_la_OBJECTS)
-am__DEPENDENCIES_2 = gnu/regexp/MessagesBundle.properties.lo \
+am__DEPENDENCIES_4 = gnu/regexp/MessagesBundle.properties.lo \
gnu/regexp/MessagesBundle_fr.properties.lo
-am__DEPENDENCIES_3 = $(am__DEPENDENCIES_2)
+am__DEPENDENCIES_5 = $(am__DEPENDENCIES_4)
am__libgcj_la_SOURCES_DIST = prims.cc jni.cc exception.cc resolve.cc \
defineclass.cc interpret.cc verify.cc gnu/gcj/natCore.cc \
gnu/gcj/convert/JIS0208_to_Unicode.cc \
java/security/cert/TrustAnchor.java \
java/security/cert/X509CRL.java \
java/security/cert/X509CRLEntry.java \
+ java/security/cert/X509CRLSelector.java \
java/security/cert/X509Certificate.java \
+ java/security/cert/X509CertSelector.java \
java/security/cert/X509Extension.java \
java/security/interfaces/DSAKey.java \
java/security/interfaces/DSAKeyPairGenerator.java \
javax/accessibility/AccessibleTableModelChange.java \
javax/accessibility/AccessibleText.java \
javax/accessibility/AccessibleValue.java \
+ javax/crypto/BadPaddingException.java javax/crypto/Cipher.java \
+ javax/crypto/CipherInputStream.java \
+ javax/crypto/CipherOutputStream.java \
+ javax/crypto/CipherSpi.java \
+ javax/crypto/EncryptedPrivateKeyInfo.java \
+ javax/crypto/KeyGeneratorSpi.java \
+ javax/crypto/ExemptionMechanism.java \
+ javax/crypto/ExemptionMechanismException.java \
+ javax/crypto/ExemptionMechanismSpi.java \
+ javax/crypto/IllegalBlockSizeException.java \
+ javax/crypto/KeyAgreement.java \
+ javax/crypto/KeyAgreementSpi.java \
+ javax/crypto/KeyGenerator.java javax/crypto/Mac.java \
+ javax/crypto/MacSpi.java \
+ javax/crypto/NoSuchPaddingException.java \
+ javax/crypto/NullCipher.java javax/crypto/NullCipherImpl.java \
+ javax/crypto/SealedObject.java javax/crypto/SecretKey.java \
+ javax/crypto/SecretKeyFactory.java \
+ javax/crypto/SecretKeyFactorySpi.java \
+ javax/crypto/ShortBufferException.java \
+ javax/crypto/interfaces/DHKey.java \
+ javax/crypto/interfaces/DHPrivateKey.java \
+ javax/crypto/interfaces/DHPublicKey.java \
+ javax/crypto/interfaces/PBEKey.java \
+ javax/crypto/spec/DESKeySpec.java \
+ javax/crypto/spec/DESedeKeySpec.java \
+ javax/crypto/spec/DHGenParameterSpec.java \
+ javax/crypto/spec/DHParameterSpec.java \
+ javax/crypto/spec/DHPrivateKeySpec.java \
+ javax/crypto/spec/DHPublicKeySpec.java \
+ javax/crypto/spec/IvParameterSpec.java \
+ javax/crypto/spec/PBEKeySpec.java \
+ javax/crypto/spec/PBEParameterSpec.java \
+ javax/crypto/spec/RC2ParameterSpec.java \
+ javax/crypto/spec/RC5ParameterSpec.java \
+ javax/crypto/spec/SecretKeySpec.java \
javax/imageio/IIOException.java javax/imageio/ImageReader.java \
javax/imageio/ImageTranscoder.java \
javax/imageio/ImageWriter.java \
javax/naming/ldap/UnsolicitedNotificationEvent.java \
javax/naming/ldap/UnsolicitedNotificationListener.java \
javax/naming/OperationNotSupportedException.java \
+ javax/net/ServerSocketFactory.java \
+ javax/net/SocketFactory.java \
+ javax/net/ssl/HandshakeCompletedEvent.java \
+ javax/net/ssl/HandshakeCompletedListener.java \
+ javax/net/ssl/HostnameVerifier.java \
+ javax/net/ssl/HttpsURLConnection.java \
+ javax/net/ssl/KeyManager.java \
+ javax/net/ssl/KeyManagerFactory.java \
+ javax/net/ssl/KeyManagerFactorySpi.java \
+ javax/net/ssl/ManagerFactoryParameters.java \
+ javax/net/ssl/SSLProtocolException.java \
+ javax/net/ssl/SSLContext.java javax/net/ssl/SSLContextSpi.java \
+ javax/net/ssl/SSLException.java \
+ javax/net/ssl/SSLHandshakeException.java \
+ javax/net/ssl/SSLKeyException.java \
+ javax/net/ssl/SSLPeerUnverifiedException.java \
+ javax/net/ssl/SSLPermission.java \
+ javax/net/ssl/SSLServerSocket.java \
+ javax/net/ssl/SSLServerSocketFactory.java \
+ javax/net/ssl/SSLSession.java \
+ javax/net/ssl/SSLSessionBindingEvent.java \
+ javax/net/ssl/SSLSessionBindingListener.java \
+ javax/net/ssl/SSLSessionContext.java \
+ javax/net/ssl/SSLSocket.java \
+ javax/net/ssl/SSLSocketFactory.java \
+ javax/net/ssl/TrivialHostnameVerifier.java \
+ javax/net/ssl/TrustManager.java \
+ javax/net/ssl/TrustManagerFactory.java \
+ javax/net/ssl/TrustManagerFactorySpi.java \
+ javax/net/ssl/X509KeyManager.java \
+ javax/net/ssl/X509TrustManager.java \
+ javax/net/VanillaSocketFactory.java \
+ javax/net/VanillaServerSocketFactory.java \
javax/print/AttributeException.java \
javax/print/CancelablePrintJob.java javax/print/Doc.java \
javax/print/DocFlavor.java javax/print/DocPrintJob.java \
javax/print/event/PrintJobListener.java \
javax/print/event/PrintServiceAttributeEvent.java \
javax/print/event/PrintServiceAttributeListener.java \
+ javax/security/auth/AuthPermission.java \
+ javax/security/auth/Destroyable.java \
+ javax/security/auth/DestroyFailedException.java \
+ javax/security/auth/login/AccountExpiredException.java \
+ javax/security/auth/login/AppConfigurationEntry.java \
+ javax/security/auth/login/Configuration.java \
+ javax/security/auth/login/CredentialExpiredException.java \
+ javax/security/auth/login/FailedLoginException.java \
+ javax/security/auth/login/LoginContext.java \
+ javax/security/auth/login/LoginException.java \
+ javax/security/auth/login/NullConfiguration.java \
+ javax/security/auth/Policy.java \
+ javax/security/auth/PrivateCredentialPermission.java \
+ javax/security/auth/Refreshable.java \
+ javax/security/auth/RefreshFailedException.java \
+ javax/security/auth/Subject.java \
+ javax/security/auth/SubjectDomainCombiner.java \
javax/security/auth/x500/X500Principal.java \
+ javax/security/auth/x500/X500PrivateCredential.java \
+ javax/security/auth/callback/Callback.java \
+ javax/security/auth/callback/CallbackHandler.java \
+ javax/security/auth/callback/ChoiceCallback.java \
+ javax/security/auth/callback/ConfirmationCallback.java \
+ javax/security/auth/callback/LanguageCallback.java \
+ javax/security/auth/callback/NameCallback.java \
+ javax/security/auth/callback/PasswordCallback.java \
+ javax/security/auth/callback/TextInputCallback.java \
+ javax/security/auth/callback/TextOutputCallback.java \
+ javax/security/auth/callback/UnsupportedCallbackException.java \
+ javax/security/cert/Certificate.java \
+ javax/security/cert/CertificateEncodingException.java \
+ javax/security/cert/CertificateException.java \
+ javax/security/cert/CertificateExpiredException.java \
+ javax/security/cert/CertificateNotYetValidException.java \
+ javax/security/cert/CertificateParsingException.java \
+ javax/security/cert/X509CertBridge.java \
+ javax/security/cert/X509Certificate.java \
+ javax/security/sasl/AuthenticationException.java \
+ javax/security/sasl/AuthorizeCallback.java \
+ javax/security/sasl/RealmCallback.java \
+ javax/security/sasl/RealmChoiceCallback.java \
+ javax/security/sasl/Sasl.java \
+ javax/security/sasl/SaslClient.java \
+ javax/security/sasl/SaslClientFactory.java \
+ javax/security/sasl/SaslException.java \
+ javax/security/sasl/SaslServer.java \
+ javax/security/sasl/SaslServerFactory.java \
javax/sql/ConnectionEvent.java \
javax/sql/ConnectionEventListener.java \
javax/sql/ConnectionPoolDataSource.java \
javax/accessibility/AccessibleTableModelChange.lo \
javax/accessibility/AccessibleText.lo \
javax/accessibility/AccessibleValue.lo \
+ javax/crypto/BadPaddingException.lo javax/crypto/Cipher.lo \
+ javax/crypto/CipherInputStream.lo \
+ javax/crypto/CipherOutputStream.lo javax/crypto/CipherSpi.lo \
+ javax/crypto/EncryptedPrivateKeyInfo.lo \
+ javax/crypto/KeyGeneratorSpi.lo \
+ javax/crypto/ExemptionMechanism.lo \
+ javax/crypto/ExemptionMechanismException.lo \
+ javax/crypto/ExemptionMechanismSpi.lo \
+ javax/crypto/IllegalBlockSizeException.lo \
+ javax/crypto/KeyAgreement.lo javax/crypto/KeyAgreementSpi.lo \
+ javax/crypto/KeyGenerator.lo javax/crypto/Mac.lo \
+ javax/crypto/MacSpi.lo javax/crypto/NoSuchPaddingException.lo \
+ javax/crypto/NullCipher.lo javax/crypto/NullCipherImpl.lo \
+ javax/crypto/SealedObject.lo javax/crypto/SecretKey.lo \
+ javax/crypto/SecretKeyFactory.lo \
+ javax/crypto/SecretKeyFactorySpi.lo \
+ javax/crypto/ShortBufferException.lo \
+ javax/crypto/interfaces/DHKey.lo \
+ javax/crypto/interfaces/DHPrivateKey.lo \
+ javax/crypto/interfaces/DHPublicKey.lo \
+ javax/crypto/interfaces/PBEKey.lo \
+ javax/crypto/spec/DESKeySpec.lo \
+ javax/crypto/spec/DESedeKeySpec.lo \
+ javax/crypto/spec/DHGenParameterSpec.lo \
+ javax/crypto/spec/DHParameterSpec.lo \
+ javax/crypto/spec/DHPrivateKeySpec.lo \
+ javax/crypto/spec/DHPublicKeySpec.lo \
+ javax/crypto/spec/IvParameterSpec.lo \
+ javax/crypto/spec/PBEKeySpec.lo \
+ javax/crypto/spec/PBEParameterSpec.lo \
+ javax/crypto/spec/RC2ParameterSpec.lo \
+ javax/crypto/spec/RC5ParameterSpec.lo \
+ javax/crypto/spec/SecretKeySpec.lo \
javax/imageio/IIOException.lo javax/imageio/ImageReader.lo \
javax/imageio/ImageTranscoder.lo javax/imageio/ImageWriter.lo \
javax/imageio/event/IIOReadProgressListener.lo \
javax/naming/ldap/UnsolicitedNotificationEvent.lo \
javax/naming/ldap/UnsolicitedNotificationListener.lo \
javax/naming/OperationNotSupportedException.lo \
+ javax/net/ServerSocketFactory.lo javax/net/SocketFactory.lo \
+ javax/net/ssl/HandshakeCompletedEvent.lo \
+ javax/net/ssl/HandshakeCompletedListener.lo \
+ javax/net/ssl/HostnameVerifier.lo \
+ javax/net/ssl/HttpsURLConnection.lo \
+ javax/net/ssl/KeyManager.lo javax/net/ssl/KeyManagerFactory.lo \
+ javax/net/ssl/KeyManagerFactorySpi.lo \
+ javax/net/ssl/ManagerFactoryParameters.lo \
+ javax/net/ssl/SSLProtocolException.lo \
+ javax/net/ssl/SSLContext.lo javax/net/ssl/SSLContextSpi.lo \
+ javax/net/ssl/SSLException.lo \
+ javax/net/ssl/SSLHandshakeException.lo \
+ javax/net/ssl/SSLKeyException.lo \
+ javax/net/ssl/SSLPeerUnverifiedException.lo \
+ javax/net/ssl/SSLPermission.lo \
+ javax/net/ssl/SSLServerSocket.lo \
+ javax/net/ssl/SSLServerSocketFactory.lo \
+ javax/net/ssl/SSLSession.lo \
+ javax/net/ssl/SSLSessionBindingEvent.lo \
+ javax/net/ssl/SSLSessionBindingListener.lo \
+ javax/net/ssl/SSLSessionContext.lo javax/net/ssl/SSLSocket.lo \
+ javax/net/ssl/SSLSocketFactory.lo \
+ javax/net/ssl/TrivialHostnameVerifier.lo \
+ javax/net/ssl/TrustManager.lo \
+ javax/net/ssl/TrustManagerFactory.lo \
+ javax/net/ssl/TrustManagerFactorySpi.lo \
+ javax/net/ssl/X509KeyManager.lo \
+ javax/net/ssl/X509TrustManager.lo \
+ javax/net/VanillaSocketFactory.lo \
+ javax/net/VanillaServerSocketFactory.lo \
javax/print/AttributeException.lo \
javax/print/CancelablePrintJob.lo javax/print/Doc.lo \
javax/print/DocFlavor.lo javax/print/DocPrintJob.lo \
javax/print/event/PrintJobListener.lo \
javax/print/event/PrintServiceAttributeEvent.lo \
javax/print/event/PrintServiceAttributeListener.lo \
+ javax/security/auth/AuthPermission.lo \
+ javax/security/auth/Destroyable.lo \
+ javax/security/auth/DestroyFailedException.lo \
+ javax/security/auth/login/AccountExpiredException.lo \
+ javax/security/auth/login/AppConfigurationEntry.lo \
+ javax/security/auth/login/Configuration.lo \
+ javax/security/auth/login/CredentialExpiredException.lo \
+ javax/security/auth/login/FailedLoginException.lo \
+ javax/security/auth/login/LoginContext.lo \
+ javax/security/auth/login/LoginException.lo \
+ javax/security/auth/login/NullConfiguration.lo \
+ javax/security/auth/Policy.lo \
+ javax/security/auth/PrivateCredentialPermission.lo \
+ javax/security/auth/Refreshable.lo \
+ javax/security/auth/RefreshFailedException.lo \
+ javax/security/auth/Subject.lo \
+ javax/security/auth/SubjectDomainCombiner.lo \
javax/security/auth/x500/X500Principal.lo \
+ javax/security/auth/x500/X500PrivateCredential.lo \
+ javax/security/auth/callback/Callback.lo \
+ javax/security/auth/callback/CallbackHandler.lo \
+ javax/security/auth/callback/ChoiceCallback.lo \
+ javax/security/auth/callback/ConfirmationCallback.lo \
+ javax/security/auth/callback/LanguageCallback.lo \
+ javax/security/auth/callback/NameCallback.lo \
+ javax/security/auth/callback/PasswordCallback.lo \
+ javax/security/auth/callback/TextInputCallback.lo \
+ javax/security/auth/callback/TextOutputCallback.lo \
+ javax/security/auth/callback/UnsupportedCallbackException.lo \
+ javax/security/cert/Certificate.lo \
+ javax/security/cert/CertificateEncodingException.lo \
+ javax/security/cert/CertificateException.lo \
+ javax/security/cert/CertificateExpiredException.lo \
+ javax/security/cert/CertificateNotYetValidException.lo \
+ javax/security/cert/CertificateParsingException.lo \
+ javax/security/cert/X509CertBridge.lo \
+ javax/security/cert/X509Certificate.lo \
+ javax/security/sasl/AuthenticationException.lo \
+ javax/security/sasl/AuthorizeCallback.lo \
+ javax/security/sasl/RealmCallback.lo \
+ javax/security/sasl/RealmChoiceCallback.lo \
+ javax/security/sasl/Sasl.lo javax/security/sasl/SaslClient.lo \
+ javax/security/sasl/SaslClientFactory.lo \
+ javax/security/sasl/SaslException.lo \
+ javax/security/sasl/SaslServer.lo \
+ javax/security/sasl/SaslServerFactory.lo \
javax/sql/ConnectionEvent.lo \
javax/sql/ConnectionEventListener.lo \
javax/sql/ConnectionPoolDataSource.lo javax/sql/DataSource.lo \
java/security/cert/TrustAnchor.lo \
java/security/cert/X509CRL.lo \
java/security/cert/X509CRLEntry.lo \
+ java/security/cert/X509CRLSelector.lo \
java/security/cert/X509Certificate.lo \
+ java/security/cert/X509CertSelector.lo \
java/security/cert/X509Extension.lo \
java/security/interfaces/DSAKey.lo \
java/security/interfaces/DSAKeyPairGenerator.lo \
GCJLD = $(GCJ)
SOURCES = $(lib_gnu_awt_xlib_la_SOURCES) \
$(lib_gnu_java_awt_peer_gtk_la_SOURCES) \
- $(lib_org_w3c_dom_la_SOURCES) $(lib_org_xml_sax_la_SOURCES) \
- $(libgcj_la_SOURCES) $(libgij_la_SOURCES) \
- $(gen_from_JIS_SOURCES) $(gij_SOURCES) $(grmic_SOURCES) \
- $(grmiregistry_SOURCES) $(jv_convert_SOURCES)
+ $(lib_org_ietf_jgss_la_SOURCES) $(lib_org_w3c_dom_la_SOURCES) \
+ $(lib_org_xml_sax_la_SOURCES) $(libgcj_la_SOURCES) \
+ $(libgij_la_SOURCES) $(gen_from_JIS_SOURCES) $(gij_SOURCES) \
+ $(grmic_SOURCES) $(grmiregistry_SOURCES) $(jv_convert_SOURCES)
DIST_SOURCES = $(lib_gnu_awt_xlib_la_SOURCES) \
$(am__lib_gnu_java_awt_peer_gtk_la_SOURCES_DIST) \
- $(lib_org_w3c_dom_la_SOURCES) $(lib_org_xml_sax_la_SOURCES) \
- $(am__libgcj_la_SOURCES_DIST) $(libgij_la_SOURCES) \
- $(am__gen_from_JIS_SOURCES_DIST) $(gij_SOURCES) \
- $(grmic_SOURCES) $(grmiregistry_SOURCES) $(jv_convert_SOURCES)
+ $(lib_org_ietf_jgss_la_SOURCES) $(lib_org_w3c_dom_la_SOURCES) \
+ $(lib_org_xml_sax_la_SOURCES) $(am__libgcj_la_SOURCES_DIST) \
+ $(libgij_la_SOURCES) $(am__gen_from_JIS_SOURCES_DIST) \
+ $(gij_SOURCES) $(grmic_SOURCES) $(grmiregistry_SOURCES) \
+ $(jv_convert_SOURCES)
RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
html-recursive info-recursive install-data-recursive \
install-exec-recursive install-info-recursive \
@XLIB_AWT_TRUE@cond_xlib_ltlibrary = lib-gnu-awt-xlib.la
@GTK_AWT_FALSE@cond_gtk_ltlibrary =
@GTK_AWT_TRUE@cond_gtk_ltlibrary = lib-gnu-java-awt-peer-gtk.la
-toolexeclib_LTLIBRARIES = libgcj.la libgij.la lib-org-xml-sax.la lib-org-w3c-dom.la \
+toolexeclib_LTLIBRARIES = libgcj.la libgij.la lib-org-xml-sax.la \
+ lib-org-w3c-dom.la lib-org-ietf-jgss.la \
$(cond_gtk_ltlibrary) $(cond_xlib_ltlibrary)
toolexecmainlib_DATA = libgcj.spec
-version-info `grep -v '^\#' $(srcdir)/libtool-version`
lib_gnu_java_awt_peer_gtk_la_LINK = $(LIBLINK)
+lib_org_ietf_jgss_la_SOURCES = \
+org/ietf/jgss/ChannelBinding.java \
+org/ietf/jgss/GSSContext.java \
+org/ietf/jgss/GSSCredential.java \
+org/ietf/jgss/GSSException.java \
+org/ietf/jgss/GSSManager.java \
+org/ietf/jgss/GSSName.java \
+org/ietf/jgss/MessageProp.java \
+org/ietf/jgss/Oid.java
+
+lib_org_ietf_jgss_la_DEPENDENCIES = $(jgss_propertyo_files)
+lib_org_ietf_jgss_la_LIBADD = -L$(here)/.libs $(jgss_propertyo_files)
+lib_org_ietf_jgss_la_LDFLAGS = -rpath $(toolexeclibdir) \
+ -version-info `grep -v '^\#' $(srcdir)/libtool-version`
+
lib_org_w3c_dom_la_SOURCES = org/w3c/dom/Attr.java \
org/w3c/dom/CDATASection.java \
org/w3c/dom/CharacterData.java \
all_java_source_files = \
$(java_source_files) \
$(built_java_source_files) \
+ $(lib_org_ietf_jgss_la_SOURCES) \
$(lib_org_xml_sax_la_SOURCES) \
$(lib_org_w3c_dom_la_SOURCES) \
$(gtk_awt_peer_sources) \
all_java_class_files = $(all_java_source_files:.java=.class)
property_files = \
gnu/regexp/MessagesBundle.properties \
-gnu/regexp/MessagesBundle_fr.properties
+gnu/regexp/MessagesBundle_fr.properties
propertyo_files = $(property_files:.properties=.properties.lo)
+jgss_property_files = \
+org/ietf/jgss/MessagesBundle.properties
+
+jgss_propertyo_files = $(jgss_property_files:.properties=.properties.lo)
# Note: The libtool objects are removed by mostlyclean-local
# because of command-line-length issues.
javax/accessibility/AccessibleTableModelChange.java \
javax/accessibility/AccessibleText.java \
javax/accessibility/AccessibleValue.java \
+javax/crypto/BadPaddingException.java \
+javax/crypto/Cipher.java \
+javax/crypto/CipherInputStream.java \
+javax/crypto/CipherOutputStream.java \
+javax/crypto/CipherSpi.java \
+javax/crypto/EncryptedPrivateKeyInfo.java \
+javax/crypto/KeyGeneratorSpi.java \
+javax/crypto/ExemptionMechanism.java \
+javax/crypto/ExemptionMechanismException.java \
+javax/crypto/ExemptionMechanismSpi.java \
+javax/crypto/IllegalBlockSizeException.java \
+javax/crypto/KeyAgreement.java \
+javax/crypto/KeyAgreementSpi.java \
+javax/crypto/KeyGenerator.java \
+javax/crypto/Mac.java \
+javax/crypto/MacSpi.java \
+javax/crypto/NoSuchPaddingException.java \
+javax/crypto/NullCipher.java \
+javax/crypto/NullCipherImpl.java \
+javax/crypto/SealedObject.java \
+javax/crypto/SecretKey.java \
+javax/crypto/SecretKeyFactory.java \
+javax/crypto/SecretKeyFactorySpi.java \
+javax/crypto/ShortBufferException.java \
+javax/crypto/interfaces/DHKey.java \
+javax/crypto/interfaces/DHPrivateKey.java \
+javax/crypto/interfaces/DHPublicKey.java \
+javax/crypto/interfaces/PBEKey.java \
+javax/crypto/spec/DESKeySpec.java \
+javax/crypto/spec/DESedeKeySpec.java \
+javax/crypto/spec/DHGenParameterSpec.java \
+javax/crypto/spec/DHParameterSpec.java \
+javax/crypto/spec/DHPrivateKeySpec.java \
+javax/crypto/spec/DHPublicKeySpec.java \
+javax/crypto/spec/IvParameterSpec.java \
+javax/crypto/spec/PBEKeySpec.java \
+javax/crypto/spec/PBEParameterSpec.java \
+javax/crypto/spec/RC2ParameterSpec.java \
+javax/crypto/spec/RC5ParameterSpec.java \
+javax/crypto/spec/SecretKeySpec.java \
javax/imageio/IIOException.java \
javax/imageio/ImageReader.java \
javax/imageio/ImageTranscoder.java \
javax/naming/ldap/UnsolicitedNotificationEvent.java \
javax/naming/ldap/UnsolicitedNotificationListener.java \
javax/naming/OperationNotSupportedException.java \
+javax/net/ServerSocketFactory.java \
+javax/net/SocketFactory.java \
+javax/net/ssl/HandshakeCompletedEvent.java \
+javax/net/ssl/HandshakeCompletedListener.java \
+javax/net/ssl/HostnameVerifier.java \
+javax/net/ssl/HttpsURLConnection.java \
+javax/net/ssl/KeyManager.java \
+javax/net/ssl/KeyManagerFactory.java \
+javax/net/ssl/KeyManagerFactorySpi.java \
+javax/net/ssl/ManagerFactoryParameters.java \
+javax/net/ssl/SSLProtocolException.java \
+javax/net/ssl/SSLContext.java \
+javax/net/ssl/SSLContextSpi.java \
+javax/net/ssl/SSLException.java \
+javax/net/ssl/SSLHandshakeException.java \
+javax/net/ssl/SSLKeyException.java \
+javax/net/ssl/SSLPeerUnverifiedException.java \
+javax/net/ssl/SSLPermission.java \
+javax/net/ssl/SSLServerSocket.java \
+javax/net/ssl/SSLServerSocketFactory.java \
+javax/net/ssl/SSLSession.java \
+javax/net/ssl/SSLSessionBindingEvent.java \
+javax/net/ssl/SSLSessionBindingListener.java \
+javax/net/ssl/SSLSessionContext.java \
+javax/net/ssl/SSLSocket.java \
+javax/net/ssl/SSLSocketFactory.java \
+javax/net/ssl/TrivialHostnameVerifier.java \
+javax/net/ssl/TrustManager.java \
+javax/net/ssl/TrustManagerFactory.java \
+javax/net/ssl/TrustManagerFactorySpi.java \
+javax/net/ssl/X509KeyManager.java \
+javax/net/ssl/X509TrustManager.java \
+javax/net/VanillaSocketFactory.java \
+javax/net/VanillaServerSocketFactory.java \
javax/print/AttributeException.java \
javax/print/CancelablePrintJob.java \
javax/print/Doc.java \
javax/print/event/PrintJobListener.java \
javax/print/event/PrintServiceAttributeEvent.java \
javax/print/event/PrintServiceAttributeListener.java \
+javax/security/auth/AuthPermission.java \
+javax/security/auth/Destroyable.java \
+javax/security/auth/DestroyFailedException.java \
+javax/security/auth/login/AccountExpiredException.java \
+javax/security/auth/login/AppConfigurationEntry.java \
+javax/security/auth/login/Configuration.java \
+javax/security/auth/login/CredentialExpiredException.java \
+javax/security/auth/login/FailedLoginException.java \
+javax/security/auth/login/LoginContext.java \
+javax/security/auth/login/LoginException.java \
+javax/security/auth/login/NullConfiguration.java \
+javax/security/auth/Policy.java \
+javax/security/auth/PrivateCredentialPermission.java \
+javax/security/auth/Refreshable.java \
+javax/security/auth/RefreshFailedException.java \
+javax/security/auth/Subject.java \
+javax/security/auth/SubjectDomainCombiner.java \
javax/security/auth/x500/X500Principal.java \
+javax/security/auth/x500/X500PrivateCredential.java \
+javax/security/auth/callback/Callback.java \
+javax/security/auth/callback/CallbackHandler.java \
+javax/security/auth/callback/ChoiceCallback.java \
+javax/security/auth/callback/ConfirmationCallback.java \
+javax/security/auth/callback/LanguageCallback.java \
+javax/security/auth/callback/NameCallback.java \
+javax/security/auth/callback/PasswordCallback.java \
+javax/security/auth/callback/TextInputCallback.java \
+javax/security/auth/callback/TextOutputCallback.java \
+javax/security/auth/callback/UnsupportedCallbackException.java \
+javax/security/cert/Certificate.java \
+javax/security/cert/CertificateEncodingException.java \
+javax/security/cert/CertificateException.java \
+javax/security/cert/CertificateExpiredException.java \
+javax/security/cert/CertificateNotYetValidException.java \
+javax/security/cert/CertificateParsingException.java \
+javax/security/cert/X509CertBridge.java \
+javax/security/cert/X509Certificate.java \
+javax/security/sasl/AuthenticationException.java \
+javax/security/sasl/AuthorizeCallback.java \
+javax/security/sasl/RealmCallback.java \
+javax/security/sasl/RealmChoiceCallback.java \
+javax/security/sasl/Sasl.java \
+javax/security/sasl/SaslClient.java \
+javax/security/sasl/SaslClientFactory.java \
+javax/security/sasl/SaslException.java \
+javax/security/sasl/SaslServer.java \
+javax/security/sasl/SaslServerFactory.java \
javax/sql/ConnectionEvent.java \
javax/sql/ConnectionEventListener.java \
javax/sql/ConnectionPoolDataSource.java \
java/security/cert/TrustAnchor.java \
java/security/cert/X509CRL.java \
java/security/cert/X509CRLEntry.java \
+java/security/cert/X509CRLSelector.java \
java/security/cert/X509Certificate.java \
+java/security/cert/X509CertSelector.java \
java/security/cert/X509Extension.java \
java/security/interfaces/DSAKey.java \
java/security/interfaces/DSAKeyPairGenerator.java \
jni/classpath/$(DEPDIR)/$(am__dirstamp)
lib-gnu-java-awt-peer-gtk.la: $(lib_gnu_java_awt_peer_gtk_la_OBJECTS) $(lib_gnu_java_awt_peer_gtk_la_DEPENDENCIES)
$(lib_gnu_java_awt_peer_gtk_la_LINK) $(am_lib_gnu_java_awt_peer_gtk_la_rpath) $(lib_gnu_java_awt_peer_gtk_la_LDFLAGS) $(lib_gnu_java_awt_peer_gtk_la_OBJECTS) $(lib_gnu_java_awt_peer_gtk_la_LIBADD) $(LIBS)
+org/ietf/jgss/$(am__dirstamp):
+ @$(mkdir_p) org/ietf/jgss
+ @: > org/ietf/jgss/$(am__dirstamp)
+org/ietf/jgss/$(DEPDIR)/$(am__dirstamp):
+ @$(mkdir_p) org/ietf/jgss/$(DEPDIR)
+ @: > org/ietf/jgss/$(DEPDIR)/$(am__dirstamp)
+org/ietf/jgss/ChannelBinding.lo: org/ietf/jgss/$(am__dirstamp) \
+ org/ietf/jgss/$(DEPDIR)/$(am__dirstamp)
+org/ietf/jgss/GSSContext.lo: org/ietf/jgss/$(am__dirstamp) \
+ org/ietf/jgss/$(DEPDIR)/$(am__dirstamp)
+org/ietf/jgss/GSSCredential.lo: org/ietf/jgss/$(am__dirstamp) \
+ org/ietf/jgss/$(DEPDIR)/$(am__dirstamp)
+org/ietf/jgss/GSSException.lo: org/ietf/jgss/$(am__dirstamp) \
+ org/ietf/jgss/$(DEPDIR)/$(am__dirstamp)
+org/ietf/jgss/GSSManager.lo: org/ietf/jgss/$(am__dirstamp) \
+ org/ietf/jgss/$(DEPDIR)/$(am__dirstamp)
+org/ietf/jgss/GSSName.lo: org/ietf/jgss/$(am__dirstamp) \
+ org/ietf/jgss/$(DEPDIR)/$(am__dirstamp)
+org/ietf/jgss/MessageProp.lo: org/ietf/jgss/$(am__dirstamp) \
+ org/ietf/jgss/$(DEPDIR)/$(am__dirstamp)
+org/ietf/jgss/Oid.lo: org/ietf/jgss/$(am__dirstamp) \
+ org/ietf/jgss/$(DEPDIR)/$(am__dirstamp)
+lib-org-ietf-jgss.la: $(lib_org_ietf_jgss_la_OBJECTS) $(lib_org_ietf_jgss_la_DEPENDENCIES)
+ $(GCJLINK) -rpath $(toolexeclibdir) $(lib_org_ietf_jgss_la_LDFLAGS) $(lib_org_ietf_jgss_la_OBJECTS) $(lib_org_ietf_jgss_la_LIBADD) $(LIBS)
org/w3c/dom/$(am__dirstamp):
@$(mkdir_p) org/w3c/dom
@: > org/w3c/dom/$(am__dirstamp)
java/security/cert/X509CRLEntry.lo: \
java/security/cert/$(am__dirstamp) \
java/security/cert/$(DEPDIR)/$(am__dirstamp)
+java/security/cert/X509CRLSelector.lo: \
+ java/security/cert/$(am__dirstamp) \
+ java/security/cert/$(DEPDIR)/$(am__dirstamp)
java/security/cert/X509Certificate.lo: \
java/security/cert/$(am__dirstamp) \
java/security/cert/$(DEPDIR)/$(am__dirstamp)
+java/security/cert/X509CertSelector.lo: \
+ java/security/cert/$(am__dirstamp) \
+ java/security/cert/$(DEPDIR)/$(am__dirstamp)
java/security/cert/X509Extension.lo: \
java/security/cert/$(am__dirstamp) \
java/security/cert/$(DEPDIR)/$(am__dirstamp)
javax/accessibility/AccessibleValue.lo: \
javax/accessibility/$(am__dirstamp) \
javax/accessibility/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/$(am__dirstamp):
+ @$(mkdir_p) javax/crypto
+ @: > javax/crypto/$(am__dirstamp)
+javax/crypto/$(DEPDIR)/$(am__dirstamp):
+ @$(mkdir_p) javax/crypto/$(DEPDIR)
+ @: > javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/BadPaddingException.lo: javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/Cipher.lo: javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/CipherInputStream.lo: javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/CipherOutputStream.lo: javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/CipherSpi.lo: javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/EncryptedPrivateKeyInfo.lo: javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/KeyGeneratorSpi.lo: javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/ExemptionMechanism.lo: javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/ExemptionMechanismException.lo: \
+ javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/ExemptionMechanismSpi.lo: javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/IllegalBlockSizeException.lo: \
+ javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/KeyAgreement.lo: javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/KeyAgreementSpi.lo: javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/KeyGenerator.lo: javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/Mac.lo: javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/MacSpi.lo: javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/NoSuchPaddingException.lo: javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/NullCipher.lo: javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/NullCipherImpl.lo: javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/SealedObject.lo: javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/SecretKey.lo: javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/SecretKeyFactory.lo: javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/SecretKeyFactorySpi.lo: javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/ShortBufferException.lo: javax/crypto/$(am__dirstamp) \
+ javax/crypto/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/interfaces/$(am__dirstamp):
+ @$(mkdir_p) javax/crypto/interfaces
+ @: > javax/crypto/interfaces/$(am__dirstamp)
+javax/crypto/interfaces/$(DEPDIR)/$(am__dirstamp):
+ @$(mkdir_p) javax/crypto/interfaces/$(DEPDIR)
+ @: > javax/crypto/interfaces/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/interfaces/DHKey.lo: \
+ javax/crypto/interfaces/$(am__dirstamp) \
+ javax/crypto/interfaces/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/interfaces/DHPrivateKey.lo: \
+ javax/crypto/interfaces/$(am__dirstamp) \
+ javax/crypto/interfaces/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/interfaces/DHPublicKey.lo: \
+ javax/crypto/interfaces/$(am__dirstamp) \
+ javax/crypto/interfaces/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/interfaces/PBEKey.lo: \
+ javax/crypto/interfaces/$(am__dirstamp) \
+ javax/crypto/interfaces/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/spec/$(am__dirstamp):
+ @$(mkdir_p) javax/crypto/spec
+ @: > javax/crypto/spec/$(am__dirstamp)
+javax/crypto/spec/$(DEPDIR)/$(am__dirstamp):
+ @$(mkdir_p) javax/crypto/spec/$(DEPDIR)
+ @: > javax/crypto/spec/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/spec/DESKeySpec.lo: javax/crypto/spec/$(am__dirstamp) \
+ javax/crypto/spec/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/spec/DESedeKeySpec.lo: javax/crypto/spec/$(am__dirstamp) \
+ javax/crypto/spec/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/spec/DHGenParameterSpec.lo: \
+ javax/crypto/spec/$(am__dirstamp) \
+ javax/crypto/spec/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/spec/DHParameterSpec.lo: \
+ javax/crypto/spec/$(am__dirstamp) \
+ javax/crypto/spec/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/spec/DHPrivateKeySpec.lo: \
+ javax/crypto/spec/$(am__dirstamp) \
+ javax/crypto/spec/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/spec/DHPublicKeySpec.lo: \
+ javax/crypto/spec/$(am__dirstamp) \
+ javax/crypto/spec/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/spec/IvParameterSpec.lo: \
+ javax/crypto/spec/$(am__dirstamp) \
+ javax/crypto/spec/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/spec/PBEKeySpec.lo: javax/crypto/spec/$(am__dirstamp) \
+ javax/crypto/spec/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/spec/PBEParameterSpec.lo: \
+ javax/crypto/spec/$(am__dirstamp) \
+ javax/crypto/spec/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/spec/RC2ParameterSpec.lo: \
+ javax/crypto/spec/$(am__dirstamp) \
+ javax/crypto/spec/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/spec/RC5ParameterSpec.lo: \
+ javax/crypto/spec/$(am__dirstamp) \
+ javax/crypto/spec/$(DEPDIR)/$(am__dirstamp)
+javax/crypto/spec/SecretKeySpec.lo: javax/crypto/spec/$(am__dirstamp) \
+ javax/crypto/spec/$(DEPDIR)/$(am__dirstamp)
javax/imageio/$(am__dirstamp):
@$(mkdir_p) javax/imageio
@: > javax/imageio/$(am__dirstamp)
javax/naming/OperationNotSupportedException.lo: \
javax/naming/$(am__dirstamp) \
javax/naming/$(DEPDIR)/$(am__dirstamp)
+javax/net/$(am__dirstamp):
+ @$(mkdir_p) javax/net
+ @: > javax/net/$(am__dirstamp)
+javax/net/$(DEPDIR)/$(am__dirstamp):
+ @$(mkdir_p) javax/net/$(DEPDIR)
+ @: > javax/net/$(DEPDIR)/$(am__dirstamp)
+javax/net/ServerSocketFactory.lo: javax/net/$(am__dirstamp) \
+ javax/net/$(DEPDIR)/$(am__dirstamp)
+javax/net/SocketFactory.lo: javax/net/$(am__dirstamp) \
+ javax/net/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/$(am__dirstamp):
+ @$(mkdir_p) javax/net/ssl
+ @: > javax/net/ssl/$(am__dirstamp)
+javax/net/ssl/$(DEPDIR)/$(am__dirstamp):
+ @$(mkdir_p) javax/net/ssl/$(DEPDIR)
+ @: > javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/HandshakeCompletedEvent.lo: \
+ javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/HandshakeCompletedListener.lo: \
+ javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/HostnameVerifier.lo: javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/HttpsURLConnection.lo: javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/KeyManager.lo: javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/KeyManagerFactory.lo: javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/KeyManagerFactorySpi.lo: javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/ManagerFactoryParameters.lo: \
+ javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/SSLProtocolException.lo: javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/SSLContext.lo: javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/SSLContextSpi.lo: javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/SSLException.lo: javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/SSLHandshakeException.lo: javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/SSLKeyException.lo: javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/SSLPeerUnverifiedException.lo: \
+ javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/SSLPermission.lo: javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/SSLServerSocket.lo: javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/SSLServerSocketFactory.lo: \
+ javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/SSLSession.lo: javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/SSLSessionBindingEvent.lo: \
+ javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/SSLSessionBindingListener.lo: \
+ javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/SSLSessionContext.lo: javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/SSLSocket.lo: javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/SSLSocketFactory.lo: javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/TrivialHostnameVerifier.lo: \
+ javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/TrustManager.lo: javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/TrustManagerFactory.lo: javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/TrustManagerFactorySpi.lo: \
+ javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/X509KeyManager.lo: javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/ssl/X509TrustManager.lo: javax/net/ssl/$(am__dirstamp) \
+ javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+javax/net/VanillaSocketFactory.lo: javax/net/$(am__dirstamp) \
+ javax/net/$(DEPDIR)/$(am__dirstamp)
+javax/net/VanillaServerSocketFactory.lo: javax/net/$(am__dirstamp) \
+ javax/net/$(DEPDIR)/$(am__dirstamp)
javax/print/$(am__dirstamp):
@$(mkdir_p) javax/print
@: > javax/print/$(am__dirstamp)
javax/print/event/PrintServiceAttributeListener.lo: \
javax/print/event/$(am__dirstamp) \
javax/print/event/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/$(am__dirstamp):
+ @$(mkdir_p) javax/security/auth
+ @: > javax/security/auth/$(am__dirstamp)
+javax/security/auth/$(DEPDIR)/$(am__dirstamp):
+ @$(mkdir_p) javax/security/auth/$(DEPDIR)
+ @: > javax/security/auth/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/AuthPermission.lo: \
+ javax/security/auth/$(am__dirstamp) \
+ javax/security/auth/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/Destroyable.lo: \
+ javax/security/auth/$(am__dirstamp) \
+ javax/security/auth/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/DestroyFailedException.lo: \
+ javax/security/auth/$(am__dirstamp) \
+ javax/security/auth/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/login/$(am__dirstamp):
+ @$(mkdir_p) javax/security/auth/login
+ @: > javax/security/auth/login/$(am__dirstamp)
+javax/security/auth/login/$(DEPDIR)/$(am__dirstamp):
+ @$(mkdir_p) javax/security/auth/login/$(DEPDIR)
+ @: > javax/security/auth/login/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/login/AccountExpiredException.lo: \
+ javax/security/auth/login/$(am__dirstamp) \
+ javax/security/auth/login/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/login/AppConfigurationEntry.lo: \
+ javax/security/auth/login/$(am__dirstamp) \
+ javax/security/auth/login/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/login/Configuration.lo: \
+ javax/security/auth/login/$(am__dirstamp) \
+ javax/security/auth/login/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/login/CredentialExpiredException.lo: \
+ javax/security/auth/login/$(am__dirstamp) \
+ javax/security/auth/login/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/login/FailedLoginException.lo: \
+ javax/security/auth/login/$(am__dirstamp) \
+ javax/security/auth/login/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/login/LoginContext.lo: \
+ javax/security/auth/login/$(am__dirstamp) \
+ javax/security/auth/login/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/login/LoginException.lo: \
+ javax/security/auth/login/$(am__dirstamp) \
+ javax/security/auth/login/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/login/NullConfiguration.lo: \
+ javax/security/auth/login/$(am__dirstamp) \
+ javax/security/auth/login/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/Policy.lo: javax/security/auth/$(am__dirstamp) \
+ javax/security/auth/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/PrivateCredentialPermission.lo: \
+ javax/security/auth/$(am__dirstamp) \
+ javax/security/auth/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/Refreshable.lo: \
+ javax/security/auth/$(am__dirstamp) \
+ javax/security/auth/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/RefreshFailedException.lo: \
+ javax/security/auth/$(am__dirstamp) \
+ javax/security/auth/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/Subject.lo: javax/security/auth/$(am__dirstamp) \
+ javax/security/auth/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/SubjectDomainCombiner.lo: \
+ javax/security/auth/$(am__dirstamp) \
+ javax/security/auth/$(DEPDIR)/$(am__dirstamp)
javax/security/auth/x500/$(am__dirstamp):
@$(mkdir_p) javax/security/auth/x500
@: > javax/security/auth/x500/$(am__dirstamp)
javax/security/auth/x500/X500Principal.lo: \
javax/security/auth/x500/$(am__dirstamp) \
javax/security/auth/x500/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/x500/X500PrivateCredential.lo: \
+ javax/security/auth/x500/$(am__dirstamp) \
+ javax/security/auth/x500/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/callback/$(am__dirstamp):
+ @$(mkdir_p) javax/security/auth/callback
+ @: > javax/security/auth/callback/$(am__dirstamp)
+javax/security/auth/callback/$(DEPDIR)/$(am__dirstamp):
+ @$(mkdir_p) javax/security/auth/callback/$(DEPDIR)
+ @: > javax/security/auth/callback/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/callback/Callback.lo: \
+ javax/security/auth/callback/$(am__dirstamp) \
+ javax/security/auth/callback/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/callback/CallbackHandler.lo: \
+ javax/security/auth/callback/$(am__dirstamp) \
+ javax/security/auth/callback/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/callback/ChoiceCallback.lo: \
+ javax/security/auth/callback/$(am__dirstamp) \
+ javax/security/auth/callback/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/callback/ConfirmationCallback.lo: \
+ javax/security/auth/callback/$(am__dirstamp) \
+ javax/security/auth/callback/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/callback/LanguageCallback.lo: \
+ javax/security/auth/callback/$(am__dirstamp) \
+ javax/security/auth/callback/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/callback/NameCallback.lo: \
+ javax/security/auth/callback/$(am__dirstamp) \
+ javax/security/auth/callback/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/callback/PasswordCallback.lo: \
+ javax/security/auth/callback/$(am__dirstamp) \
+ javax/security/auth/callback/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/callback/TextInputCallback.lo: \
+ javax/security/auth/callback/$(am__dirstamp) \
+ javax/security/auth/callback/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/callback/TextOutputCallback.lo: \
+ javax/security/auth/callback/$(am__dirstamp) \
+ javax/security/auth/callback/$(DEPDIR)/$(am__dirstamp)
+javax/security/auth/callback/UnsupportedCallbackException.lo: \
+ javax/security/auth/callback/$(am__dirstamp) \
+ javax/security/auth/callback/$(DEPDIR)/$(am__dirstamp)
+javax/security/cert/$(am__dirstamp):
+ @$(mkdir_p) javax/security/cert
+ @: > javax/security/cert/$(am__dirstamp)
+javax/security/cert/$(DEPDIR)/$(am__dirstamp):
+ @$(mkdir_p) javax/security/cert/$(DEPDIR)
+ @: > javax/security/cert/$(DEPDIR)/$(am__dirstamp)
+javax/security/cert/Certificate.lo: \
+ javax/security/cert/$(am__dirstamp) \
+ javax/security/cert/$(DEPDIR)/$(am__dirstamp)
+javax/security/cert/CertificateEncodingException.lo: \
+ javax/security/cert/$(am__dirstamp) \
+ javax/security/cert/$(DEPDIR)/$(am__dirstamp)
+javax/security/cert/CertificateException.lo: \
+ javax/security/cert/$(am__dirstamp) \
+ javax/security/cert/$(DEPDIR)/$(am__dirstamp)
+javax/security/cert/CertificateExpiredException.lo: \
+ javax/security/cert/$(am__dirstamp) \
+ javax/security/cert/$(DEPDIR)/$(am__dirstamp)
+javax/security/cert/CertificateNotYetValidException.lo: \
+ javax/security/cert/$(am__dirstamp) \
+ javax/security/cert/$(DEPDIR)/$(am__dirstamp)
+javax/security/cert/CertificateParsingException.lo: \
+ javax/security/cert/$(am__dirstamp) \
+ javax/security/cert/$(DEPDIR)/$(am__dirstamp)
+javax/security/cert/X509CertBridge.lo: \
+ javax/security/cert/$(am__dirstamp) \
+ javax/security/cert/$(DEPDIR)/$(am__dirstamp)
+javax/security/cert/X509Certificate.lo: \
+ javax/security/cert/$(am__dirstamp) \
+ javax/security/cert/$(DEPDIR)/$(am__dirstamp)
+javax/security/sasl/$(am__dirstamp):
+ @$(mkdir_p) javax/security/sasl
+ @: > javax/security/sasl/$(am__dirstamp)
+javax/security/sasl/$(DEPDIR)/$(am__dirstamp):
+ @$(mkdir_p) javax/security/sasl/$(DEPDIR)
+ @: > javax/security/sasl/$(DEPDIR)/$(am__dirstamp)
+javax/security/sasl/AuthenticationException.lo: \
+ javax/security/sasl/$(am__dirstamp) \
+ javax/security/sasl/$(DEPDIR)/$(am__dirstamp)
+javax/security/sasl/AuthorizeCallback.lo: \
+ javax/security/sasl/$(am__dirstamp) \
+ javax/security/sasl/$(DEPDIR)/$(am__dirstamp)
+javax/security/sasl/RealmCallback.lo: \
+ javax/security/sasl/$(am__dirstamp) \
+ javax/security/sasl/$(DEPDIR)/$(am__dirstamp)
+javax/security/sasl/RealmChoiceCallback.lo: \
+ javax/security/sasl/$(am__dirstamp) \
+ javax/security/sasl/$(DEPDIR)/$(am__dirstamp)
+javax/security/sasl/Sasl.lo: javax/security/sasl/$(am__dirstamp) \
+ javax/security/sasl/$(DEPDIR)/$(am__dirstamp)
+javax/security/sasl/SaslClient.lo: \
+ javax/security/sasl/$(am__dirstamp) \
+ javax/security/sasl/$(DEPDIR)/$(am__dirstamp)
+javax/security/sasl/SaslClientFactory.lo: \
+ javax/security/sasl/$(am__dirstamp) \
+ javax/security/sasl/$(DEPDIR)/$(am__dirstamp)
+javax/security/sasl/SaslException.lo: \
+ javax/security/sasl/$(am__dirstamp) \
+ javax/security/sasl/$(DEPDIR)/$(am__dirstamp)
+javax/security/sasl/SaslServer.lo: \
+ javax/security/sasl/$(am__dirstamp) \
+ javax/security/sasl/$(DEPDIR)/$(am__dirstamp)
+javax/security/sasl/SaslServerFactory.lo: \
+ javax/security/sasl/$(am__dirstamp) \
+ javax/security/sasl/$(DEPDIR)/$(am__dirstamp)
javax/sql/$(am__dirstamp):
@$(mkdir_p) javax/sql
@: > javax/sql/$(am__dirstamp)
-rm -f java/security/cert/X509CRL.lo
-rm -f java/security/cert/X509CRLEntry.$(OBJEXT)
-rm -f java/security/cert/X509CRLEntry.lo
+ -rm -f java/security/cert/X509CRLSelector.$(OBJEXT)
+ -rm -f java/security/cert/X509CRLSelector.lo
+ -rm -f java/security/cert/X509CertSelector.$(OBJEXT)
+ -rm -f java/security/cert/X509CertSelector.lo
-rm -f java/security/cert/X509Certificate.$(OBJEXT)
-rm -f java/security/cert/X509Certificate.lo
-rm -f java/security/cert/X509Extension.$(OBJEXT)
-rm -f javax/accessibility/AccessibleText.lo
-rm -f javax/accessibility/AccessibleValue.$(OBJEXT)
-rm -f javax/accessibility/AccessibleValue.lo
+ -rm -f javax/crypto/BadPaddingException.$(OBJEXT)
+ -rm -f javax/crypto/BadPaddingException.lo
+ -rm -f javax/crypto/Cipher.$(OBJEXT)
+ -rm -f javax/crypto/Cipher.lo
+ -rm -f javax/crypto/CipherInputStream.$(OBJEXT)
+ -rm -f javax/crypto/CipherInputStream.lo
+ -rm -f javax/crypto/CipherOutputStream.$(OBJEXT)
+ -rm -f javax/crypto/CipherOutputStream.lo
+ -rm -f javax/crypto/CipherSpi.$(OBJEXT)
+ -rm -f javax/crypto/CipherSpi.lo
+ -rm -f javax/crypto/EncryptedPrivateKeyInfo.$(OBJEXT)
+ -rm -f javax/crypto/EncryptedPrivateKeyInfo.lo
+ -rm -f javax/crypto/ExemptionMechanism.$(OBJEXT)
+ -rm -f javax/crypto/ExemptionMechanism.lo
+ -rm -f javax/crypto/ExemptionMechanismException.$(OBJEXT)
+ -rm -f javax/crypto/ExemptionMechanismException.lo
+ -rm -f javax/crypto/ExemptionMechanismSpi.$(OBJEXT)
+ -rm -f javax/crypto/ExemptionMechanismSpi.lo
+ -rm -f javax/crypto/IllegalBlockSizeException.$(OBJEXT)
+ -rm -f javax/crypto/IllegalBlockSizeException.lo
+ -rm -f javax/crypto/KeyAgreement.$(OBJEXT)
+ -rm -f javax/crypto/KeyAgreement.lo
+ -rm -f javax/crypto/KeyAgreementSpi.$(OBJEXT)
+ -rm -f javax/crypto/KeyAgreementSpi.lo
+ -rm -f javax/crypto/KeyGenerator.$(OBJEXT)
+ -rm -f javax/crypto/KeyGenerator.lo
+ -rm -f javax/crypto/KeyGeneratorSpi.$(OBJEXT)
+ -rm -f javax/crypto/KeyGeneratorSpi.lo
+ -rm -f javax/crypto/Mac.$(OBJEXT)
+ -rm -f javax/crypto/Mac.lo
+ -rm -f javax/crypto/MacSpi.$(OBJEXT)
+ -rm -f javax/crypto/MacSpi.lo
+ -rm -f javax/crypto/NoSuchPaddingException.$(OBJEXT)
+ -rm -f javax/crypto/NoSuchPaddingException.lo
+ -rm -f javax/crypto/NullCipher.$(OBJEXT)
+ -rm -f javax/crypto/NullCipher.lo
+ -rm -f javax/crypto/NullCipherImpl.$(OBJEXT)
+ -rm -f javax/crypto/NullCipherImpl.lo
+ -rm -f javax/crypto/SealedObject.$(OBJEXT)
+ -rm -f javax/crypto/SealedObject.lo
+ -rm -f javax/crypto/SecretKey.$(OBJEXT)
+ -rm -f javax/crypto/SecretKey.lo
+ -rm -f javax/crypto/SecretKeyFactory.$(OBJEXT)
+ -rm -f javax/crypto/SecretKeyFactory.lo
+ -rm -f javax/crypto/SecretKeyFactorySpi.$(OBJEXT)
+ -rm -f javax/crypto/SecretKeyFactorySpi.lo
+ -rm -f javax/crypto/ShortBufferException.$(OBJEXT)
+ -rm -f javax/crypto/ShortBufferException.lo
+ -rm -f javax/crypto/interfaces/DHKey.$(OBJEXT)
+ -rm -f javax/crypto/interfaces/DHKey.lo
+ -rm -f javax/crypto/interfaces/DHPrivateKey.$(OBJEXT)
+ -rm -f javax/crypto/interfaces/DHPrivateKey.lo
+ -rm -f javax/crypto/interfaces/DHPublicKey.$(OBJEXT)
+ -rm -f javax/crypto/interfaces/DHPublicKey.lo
+ -rm -f javax/crypto/interfaces/PBEKey.$(OBJEXT)
+ -rm -f javax/crypto/interfaces/PBEKey.lo
+ -rm -f javax/crypto/spec/DESKeySpec.$(OBJEXT)
+ -rm -f javax/crypto/spec/DESKeySpec.lo
+ -rm -f javax/crypto/spec/DESedeKeySpec.$(OBJEXT)
+ -rm -f javax/crypto/spec/DESedeKeySpec.lo
+ -rm -f javax/crypto/spec/DHGenParameterSpec.$(OBJEXT)
+ -rm -f javax/crypto/spec/DHGenParameterSpec.lo
+ -rm -f javax/crypto/spec/DHParameterSpec.$(OBJEXT)
+ -rm -f javax/crypto/spec/DHParameterSpec.lo
+ -rm -f javax/crypto/spec/DHPrivateKeySpec.$(OBJEXT)
+ -rm -f javax/crypto/spec/DHPrivateKeySpec.lo
+ -rm -f javax/crypto/spec/DHPublicKeySpec.$(OBJEXT)
+ -rm -f javax/crypto/spec/DHPublicKeySpec.lo
+ -rm -f javax/crypto/spec/IvParameterSpec.$(OBJEXT)
+ -rm -f javax/crypto/spec/IvParameterSpec.lo
+ -rm -f javax/crypto/spec/PBEKeySpec.$(OBJEXT)
+ -rm -f javax/crypto/spec/PBEKeySpec.lo
+ -rm -f javax/crypto/spec/PBEParameterSpec.$(OBJEXT)
+ -rm -f javax/crypto/spec/PBEParameterSpec.lo
+ -rm -f javax/crypto/spec/RC2ParameterSpec.$(OBJEXT)
+ -rm -f javax/crypto/spec/RC2ParameterSpec.lo
+ -rm -f javax/crypto/spec/RC5ParameterSpec.$(OBJEXT)
+ -rm -f javax/crypto/spec/RC5ParameterSpec.lo
+ -rm -f javax/crypto/spec/SecretKeySpec.$(OBJEXT)
+ -rm -f javax/crypto/spec/SecretKeySpec.lo
-rm -f javax/imageio/IIOException.$(OBJEXT)
-rm -f javax/imageio/IIOException.lo
-rm -f javax/imageio/ImageReader.$(OBJEXT)
-rm -f javax/naming/spi/Resolver.lo
-rm -f javax/naming/spi/StateFactory.$(OBJEXT)
-rm -f javax/naming/spi/StateFactory.lo
+ -rm -f javax/net/ServerSocketFactory.$(OBJEXT)
+ -rm -f javax/net/ServerSocketFactory.lo
+ -rm -f javax/net/SocketFactory.$(OBJEXT)
+ -rm -f javax/net/SocketFactory.lo
+ -rm -f javax/net/VanillaServerSocketFactory.$(OBJEXT)
+ -rm -f javax/net/VanillaServerSocketFactory.lo
+ -rm -f javax/net/VanillaSocketFactory.$(OBJEXT)
+ -rm -f javax/net/VanillaSocketFactory.lo
+ -rm -f javax/net/ssl/HandshakeCompletedEvent.$(OBJEXT)
+ -rm -f javax/net/ssl/HandshakeCompletedEvent.lo
+ -rm -f javax/net/ssl/HandshakeCompletedListener.$(OBJEXT)
+ -rm -f javax/net/ssl/HandshakeCompletedListener.lo
+ -rm -f javax/net/ssl/HostnameVerifier.$(OBJEXT)
+ -rm -f javax/net/ssl/HostnameVerifier.lo
+ -rm -f javax/net/ssl/HttpsURLConnection.$(OBJEXT)
+ -rm -f javax/net/ssl/HttpsURLConnection.lo
+ -rm -f javax/net/ssl/KeyManager.$(OBJEXT)
+ -rm -f javax/net/ssl/KeyManager.lo
+ -rm -f javax/net/ssl/KeyManagerFactory.$(OBJEXT)
+ -rm -f javax/net/ssl/KeyManagerFactory.lo
+ -rm -f javax/net/ssl/KeyManagerFactorySpi.$(OBJEXT)
+ -rm -f javax/net/ssl/KeyManagerFactorySpi.lo
+ -rm -f javax/net/ssl/ManagerFactoryParameters.$(OBJEXT)
+ -rm -f javax/net/ssl/ManagerFactoryParameters.lo
+ -rm -f javax/net/ssl/SSLContext.$(OBJEXT)
+ -rm -f javax/net/ssl/SSLContext.lo
+ -rm -f javax/net/ssl/SSLContextSpi.$(OBJEXT)
+ -rm -f javax/net/ssl/SSLContextSpi.lo
+ -rm -f javax/net/ssl/SSLException.$(OBJEXT)
+ -rm -f javax/net/ssl/SSLException.lo
+ -rm -f javax/net/ssl/SSLHandshakeException.$(OBJEXT)
+ -rm -f javax/net/ssl/SSLHandshakeException.lo
+ -rm -f javax/net/ssl/SSLKeyException.$(OBJEXT)
+ -rm -f javax/net/ssl/SSLKeyException.lo
+ -rm -f javax/net/ssl/SSLPeerUnverifiedException.$(OBJEXT)
+ -rm -f javax/net/ssl/SSLPeerUnverifiedException.lo
+ -rm -f javax/net/ssl/SSLPermission.$(OBJEXT)
+ -rm -f javax/net/ssl/SSLPermission.lo
+ -rm -f javax/net/ssl/SSLProtocolException.$(OBJEXT)
+ -rm -f javax/net/ssl/SSLProtocolException.lo
+ -rm -f javax/net/ssl/SSLServerSocket.$(OBJEXT)
+ -rm -f javax/net/ssl/SSLServerSocket.lo
+ -rm -f javax/net/ssl/SSLServerSocketFactory.$(OBJEXT)
+ -rm -f javax/net/ssl/SSLServerSocketFactory.lo
+ -rm -f javax/net/ssl/SSLSession.$(OBJEXT)
+ -rm -f javax/net/ssl/SSLSession.lo
+ -rm -f javax/net/ssl/SSLSessionBindingEvent.$(OBJEXT)
+ -rm -f javax/net/ssl/SSLSessionBindingEvent.lo
+ -rm -f javax/net/ssl/SSLSessionBindingListener.$(OBJEXT)
+ -rm -f javax/net/ssl/SSLSessionBindingListener.lo
+ -rm -f javax/net/ssl/SSLSessionContext.$(OBJEXT)
+ -rm -f javax/net/ssl/SSLSessionContext.lo
+ -rm -f javax/net/ssl/SSLSocket.$(OBJEXT)
+ -rm -f javax/net/ssl/SSLSocket.lo
+ -rm -f javax/net/ssl/SSLSocketFactory.$(OBJEXT)
+ -rm -f javax/net/ssl/SSLSocketFactory.lo
+ -rm -f javax/net/ssl/TrivialHostnameVerifier.$(OBJEXT)
+ -rm -f javax/net/ssl/TrivialHostnameVerifier.lo
+ -rm -f javax/net/ssl/TrustManager.$(OBJEXT)
+ -rm -f javax/net/ssl/TrustManager.lo
+ -rm -f javax/net/ssl/TrustManagerFactory.$(OBJEXT)
+ -rm -f javax/net/ssl/TrustManagerFactory.lo
+ -rm -f javax/net/ssl/TrustManagerFactorySpi.$(OBJEXT)
+ -rm -f javax/net/ssl/TrustManagerFactorySpi.lo
+ -rm -f javax/net/ssl/X509KeyManager.$(OBJEXT)
+ -rm -f javax/net/ssl/X509KeyManager.lo
+ -rm -f javax/net/ssl/X509TrustManager.$(OBJEXT)
+ -rm -f javax/net/ssl/X509TrustManager.lo
-rm -f javax/print/AttributeException.$(OBJEXT)
-rm -f javax/print/AttributeException.lo
-rm -f javax/print/CancelablePrintJob.$(OBJEXT)
-rm -f javax/print/event/PrintServiceAttributeEvent.lo
-rm -f javax/print/event/PrintServiceAttributeListener.$(OBJEXT)
-rm -f javax/print/event/PrintServiceAttributeListener.lo
+ -rm -f javax/security/auth/AuthPermission.$(OBJEXT)
+ -rm -f javax/security/auth/AuthPermission.lo
+ -rm -f javax/security/auth/DestroyFailedException.$(OBJEXT)
+ -rm -f javax/security/auth/DestroyFailedException.lo
+ -rm -f javax/security/auth/Destroyable.$(OBJEXT)
+ -rm -f javax/security/auth/Destroyable.lo
+ -rm -f javax/security/auth/Policy.$(OBJEXT)
+ -rm -f javax/security/auth/Policy.lo
+ -rm -f javax/security/auth/PrivateCredentialPermission.$(OBJEXT)
+ -rm -f javax/security/auth/PrivateCredentialPermission.lo
+ -rm -f javax/security/auth/RefreshFailedException.$(OBJEXT)
+ -rm -f javax/security/auth/RefreshFailedException.lo
+ -rm -f javax/security/auth/Refreshable.$(OBJEXT)
+ -rm -f javax/security/auth/Refreshable.lo
+ -rm -f javax/security/auth/Subject.$(OBJEXT)
+ -rm -f javax/security/auth/Subject.lo
+ -rm -f javax/security/auth/SubjectDomainCombiner.$(OBJEXT)
+ -rm -f javax/security/auth/SubjectDomainCombiner.lo
+ -rm -f javax/security/auth/callback/Callback.$(OBJEXT)
+ -rm -f javax/security/auth/callback/Callback.lo
+ -rm -f javax/security/auth/callback/CallbackHandler.$(OBJEXT)
+ -rm -f javax/security/auth/callback/CallbackHandler.lo
+ -rm -f javax/security/auth/callback/ChoiceCallback.$(OBJEXT)
+ -rm -f javax/security/auth/callback/ChoiceCallback.lo
+ -rm -f javax/security/auth/callback/ConfirmationCallback.$(OBJEXT)
+ -rm -f javax/security/auth/callback/ConfirmationCallback.lo
+ -rm -f javax/security/auth/callback/LanguageCallback.$(OBJEXT)
+ -rm -f javax/security/auth/callback/LanguageCallback.lo
+ -rm -f javax/security/auth/callback/NameCallback.$(OBJEXT)
+ -rm -f javax/security/auth/callback/NameCallback.lo
+ -rm -f javax/security/auth/callback/PasswordCallback.$(OBJEXT)
+ -rm -f javax/security/auth/callback/PasswordCallback.lo
+ -rm -f javax/security/auth/callback/TextInputCallback.$(OBJEXT)
+ -rm -f javax/security/auth/callback/TextInputCallback.lo
+ -rm -f javax/security/auth/callback/TextOutputCallback.$(OBJEXT)
+ -rm -f javax/security/auth/callback/TextOutputCallback.lo
+ -rm -f javax/security/auth/callback/UnsupportedCallbackException.$(OBJEXT)
+ -rm -f javax/security/auth/callback/UnsupportedCallbackException.lo
+ -rm -f javax/security/auth/login/AccountExpiredException.$(OBJEXT)
+ -rm -f javax/security/auth/login/AccountExpiredException.lo
+ -rm -f javax/security/auth/login/AppConfigurationEntry.$(OBJEXT)
+ -rm -f javax/security/auth/login/AppConfigurationEntry.lo
+ -rm -f javax/security/auth/login/Configuration.$(OBJEXT)
+ -rm -f javax/security/auth/login/Configuration.lo
+ -rm -f javax/security/auth/login/CredentialExpiredException.$(OBJEXT)
+ -rm -f javax/security/auth/login/CredentialExpiredException.lo
+ -rm -f javax/security/auth/login/FailedLoginException.$(OBJEXT)
+ -rm -f javax/security/auth/login/FailedLoginException.lo
+ -rm -f javax/security/auth/login/LoginContext.$(OBJEXT)
+ -rm -f javax/security/auth/login/LoginContext.lo
+ -rm -f javax/security/auth/login/LoginException.$(OBJEXT)
+ -rm -f javax/security/auth/login/LoginException.lo
+ -rm -f javax/security/auth/login/NullConfiguration.$(OBJEXT)
+ -rm -f javax/security/auth/login/NullConfiguration.lo
-rm -f javax/security/auth/x500/X500Principal.$(OBJEXT)
-rm -f javax/security/auth/x500/X500Principal.lo
+ -rm -f javax/security/auth/x500/X500PrivateCredential.$(OBJEXT)
+ -rm -f javax/security/auth/x500/X500PrivateCredential.lo
+ -rm -f javax/security/cert/Certificate.$(OBJEXT)
+ -rm -f javax/security/cert/Certificate.lo
+ -rm -f javax/security/cert/CertificateEncodingException.$(OBJEXT)
+ -rm -f javax/security/cert/CertificateEncodingException.lo
+ -rm -f javax/security/cert/CertificateException.$(OBJEXT)
+ -rm -f javax/security/cert/CertificateException.lo
+ -rm -f javax/security/cert/CertificateExpiredException.$(OBJEXT)
+ -rm -f javax/security/cert/CertificateExpiredException.lo
+ -rm -f javax/security/cert/CertificateNotYetValidException.$(OBJEXT)
+ -rm -f javax/security/cert/CertificateNotYetValidException.lo
+ -rm -f javax/security/cert/CertificateParsingException.$(OBJEXT)
+ -rm -f javax/security/cert/CertificateParsingException.lo
+ -rm -f javax/security/cert/X509CertBridge.$(OBJEXT)
+ -rm -f javax/security/cert/X509CertBridge.lo
+ -rm -f javax/security/cert/X509Certificate.$(OBJEXT)
+ -rm -f javax/security/cert/X509Certificate.lo
+ -rm -f javax/security/sasl/AuthenticationException.$(OBJEXT)
+ -rm -f javax/security/sasl/AuthenticationException.lo
+ -rm -f javax/security/sasl/AuthorizeCallback.$(OBJEXT)
+ -rm -f javax/security/sasl/AuthorizeCallback.lo
+ -rm -f javax/security/sasl/RealmCallback.$(OBJEXT)
+ -rm -f javax/security/sasl/RealmCallback.lo
+ -rm -f javax/security/sasl/RealmChoiceCallback.$(OBJEXT)
+ -rm -f javax/security/sasl/RealmChoiceCallback.lo
+ -rm -f javax/security/sasl/Sasl.$(OBJEXT)
+ -rm -f javax/security/sasl/Sasl.lo
+ -rm -f javax/security/sasl/SaslClient.$(OBJEXT)
+ -rm -f javax/security/sasl/SaslClient.lo
+ -rm -f javax/security/sasl/SaslClientFactory.$(OBJEXT)
+ -rm -f javax/security/sasl/SaslClientFactory.lo
+ -rm -f javax/security/sasl/SaslException.$(OBJEXT)
+ -rm -f javax/security/sasl/SaslException.lo
+ -rm -f javax/security/sasl/SaslServer.$(OBJEXT)
+ -rm -f javax/security/sasl/SaslServer.lo
+ -rm -f javax/security/sasl/SaslServerFactory.$(OBJEXT)
+ -rm -f javax/security/sasl/SaslServerFactory.lo
-rm -f javax/sql/ConnectionEvent.$(OBJEXT)
-rm -f javax/sql/ConnectionEvent.lo
-rm -f javax/sql/ConnectionEventListener.$(OBJEXT)
-rm -f jni/gtk-peer/lib_gnu_java_awt_peer_gtk_la-gnu_java_awt_peer_gtk_GtkWindowPeer.lo
-rm -f jni/gtk-peer/lib_gnu_java_awt_peer_gtk_la-gthread-jni.$(OBJEXT)
-rm -f jni/gtk-peer/lib_gnu_java_awt_peer_gtk_la-gthread-jni.lo
+ -rm -f org/ietf/jgss/ChannelBinding.$(OBJEXT)
+ -rm -f org/ietf/jgss/ChannelBinding.lo
+ -rm -f org/ietf/jgss/GSSContext.$(OBJEXT)
+ -rm -f org/ietf/jgss/GSSContext.lo
+ -rm -f org/ietf/jgss/GSSCredential.$(OBJEXT)
+ -rm -f org/ietf/jgss/GSSCredential.lo
+ -rm -f org/ietf/jgss/GSSException.$(OBJEXT)
+ -rm -f org/ietf/jgss/GSSException.lo
+ -rm -f org/ietf/jgss/GSSManager.$(OBJEXT)
+ -rm -f org/ietf/jgss/GSSManager.lo
+ -rm -f org/ietf/jgss/GSSName.$(OBJEXT)
+ -rm -f org/ietf/jgss/GSSName.lo
+ -rm -f org/ietf/jgss/MessageProp.$(OBJEXT)
+ -rm -f org/ietf/jgss/MessageProp.lo
+ -rm -f org/ietf/jgss/Oid.$(OBJEXT)
+ -rm -f org/ietf/jgss/Oid.lo
-rm -f org/w3c/dom/Attr.$(OBJEXT)
-rm -f org/w3c/dom/Attr.lo
-rm -f org/w3c/dom/CDATASection.$(OBJEXT)
@AMDEP_TRUE@@am__include@ @am__quote@java/security/cert/$(DEPDIR)/TrustAnchor.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@java/security/cert/$(DEPDIR)/X509CRL.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@java/security/cert/$(DEPDIR)/X509CRLEntry.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@java/security/cert/$(DEPDIR)/X509CRLSelector.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@java/security/cert/$(DEPDIR)/X509CertSelector.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@java/security/cert/$(DEPDIR)/X509Certificate.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@java/security/cert/$(DEPDIR)/X509Extension.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@java/security/interfaces/$(DEPDIR)/DSAKey.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@javax/accessibility/$(DEPDIR)/AccessibleTableModelChange.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@javax/accessibility/$(DEPDIR)/AccessibleText.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@javax/accessibility/$(DEPDIR)/AccessibleValue.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/BadPaddingException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/Cipher.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/CipherInputStream.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/CipherOutputStream.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/CipherSpi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/EncryptedPrivateKeyInfo.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/ExemptionMechanism.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/ExemptionMechanismException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/ExemptionMechanismSpi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/IllegalBlockSizeException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/KeyAgreement.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/KeyAgreementSpi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/KeyGenerator.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/KeyGeneratorSpi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/Mac.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/MacSpi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/NoSuchPaddingException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/NullCipher.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/NullCipherImpl.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/SealedObject.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/SecretKey.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/SecretKeyFactory.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/SecretKeyFactorySpi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/$(DEPDIR)/ShortBufferException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/interfaces/$(DEPDIR)/DHKey.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/interfaces/$(DEPDIR)/DHPrivateKey.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/interfaces/$(DEPDIR)/DHPublicKey.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/interfaces/$(DEPDIR)/PBEKey.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/spec/$(DEPDIR)/DESKeySpec.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/spec/$(DEPDIR)/DESedeKeySpec.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/spec/$(DEPDIR)/DHGenParameterSpec.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/spec/$(DEPDIR)/DHParameterSpec.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/spec/$(DEPDIR)/DHPrivateKeySpec.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/spec/$(DEPDIR)/DHPublicKeySpec.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/spec/$(DEPDIR)/IvParameterSpec.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/spec/$(DEPDIR)/PBEKeySpec.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/spec/$(DEPDIR)/PBEParameterSpec.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/spec/$(DEPDIR)/RC2ParameterSpec.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/spec/$(DEPDIR)/RC5ParameterSpec.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/crypto/spec/$(DEPDIR)/SecretKeySpec.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@javax/imageio/$(DEPDIR)/IIOException.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@javax/imageio/$(DEPDIR)/ImageReader.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@javax/imageio/$(DEPDIR)/ImageTranscoder.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@javax/naming/spi/$(DEPDIR)/ResolveResult.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@javax/naming/spi/$(DEPDIR)/Resolver.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@javax/naming/spi/$(DEPDIR)/StateFactory.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/$(DEPDIR)/ServerSocketFactory.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/$(DEPDIR)/SocketFactory.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/$(DEPDIR)/VanillaServerSocketFactory.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/$(DEPDIR)/VanillaSocketFactory.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/HandshakeCompletedEvent.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/HandshakeCompletedListener.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/HostnameVerifier.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/HttpsURLConnection.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/KeyManager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/KeyManagerFactory.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/KeyManagerFactorySpi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/ManagerFactoryParameters.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/SSLContext.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/SSLContextSpi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/SSLException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/SSLHandshakeException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/SSLKeyException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/SSLPeerUnverifiedException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/SSLPermission.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/SSLProtocolException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/SSLServerSocket.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/SSLServerSocketFactory.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/SSLSession.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/SSLSessionBindingEvent.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/SSLSessionBindingListener.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/SSLSessionContext.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/SSLSocket.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/SSLSocketFactory.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/TrivialHostnameVerifier.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/TrustManager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/TrustManagerFactory.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/TrustManagerFactorySpi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/X509KeyManager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/net/ssl/$(DEPDIR)/X509TrustManager.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@javax/print/$(DEPDIR)/AttributeException.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@javax/print/$(DEPDIR)/CancelablePrintJob.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@javax/print/$(DEPDIR)/Doc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@javax/print/event/$(DEPDIR)/PrintJobListener.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@javax/print/event/$(DEPDIR)/PrintServiceAttributeEvent.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@javax/print/event/$(DEPDIR)/PrintServiceAttributeListener.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/$(DEPDIR)/AuthPermission.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/$(DEPDIR)/DestroyFailedException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/$(DEPDIR)/Destroyable.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/$(DEPDIR)/Policy.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/$(DEPDIR)/PrivateCredentialPermission.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/$(DEPDIR)/RefreshFailedException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/$(DEPDIR)/Refreshable.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/$(DEPDIR)/Subject.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/$(DEPDIR)/SubjectDomainCombiner.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/callback/$(DEPDIR)/Callback.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/callback/$(DEPDIR)/CallbackHandler.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/callback/$(DEPDIR)/ChoiceCallback.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/callback/$(DEPDIR)/ConfirmationCallback.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/callback/$(DEPDIR)/LanguageCallback.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/callback/$(DEPDIR)/NameCallback.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/callback/$(DEPDIR)/PasswordCallback.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/callback/$(DEPDIR)/TextInputCallback.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/callback/$(DEPDIR)/TextOutputCallback.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/callback/$(DEPDIR)/UnsupportedCallbackException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/login/$(DEPDIR)/AccountExpiredException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/login/$(DEPDIR)/AppConfigurationEntry.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/login/$(DEPDIR)/Configuration.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/login/$(DEPDIR)/CredentialExpiredException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/login/$(DEPDIR)/FailedLoginException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/login/$(DEPDIR)/LoginContext.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/login/$(DEPDIR)/LoginException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/login/$(DEPDIR)/NullConfiguration.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/x500/$(DEPDIR)/X500Principal.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/auth/x500/$(DEPDIR)/X500PrivateCredential.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/cert/$(DEPDIR)/Certificate.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/cert/$(DEPDIR)/CertificateEncodingException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/cert/$(DEPDIR)/CertificateException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/cert/$(DEPDIR)/CertificateExpiredException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/cert/$(DEPDIR)/CertificateNotYetValidException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/cert/$(DEPDIR)/CertificateParsingException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/cert/$(DEPDIR)/X509CertBridge.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/cert/$(DEPDIR)/X509Certificate.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/sasl/$(DEPDIR)/AuthenticationException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/sasl/$(DEPDIR)/AuthorizeCallback.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/sasl/$(DEPDIR)/RealmCallback.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/sasl/$(DEPDIR)/RealmChoiceCallback.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/sasl/$(DEPDIR)/Sasl.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/sasl/$(DEPDIR)/SaslClient.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/sasl/$(DEPDIR)/SaslClientFactory.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/sasl/$(DEPDIR)/SaslException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/sasl/$(DEPDIR)/SaslServer.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@javax/security/sasl/$(DEPDIR)/SaslServerFactory.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@javax/sql/$(DEPDIR)/ConnectionEvent.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@javax/sql/$(DEPDIR)/ConnectionEventListener.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@javax/sql/$(DEPDIR)/ConnectionPoolDataSource.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@jni/gtk-peer/$(DEPDIR)/lib_gnu_java_awt_peer_gtk_la-gnu_java_awt_peer_gtk_GtkToolkit.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@jni/gtk-peer/$(DEPDIR)/lib_gnu_java_awt_peer_gtk_la-gnu_java_awt_peer_gtk_GtkWindowPeer.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@jni/gtk-peer/$(DEPDIR)/lib_gnu_java_awt_peer_gtk_la-gthread-jni.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@org/ietf/jgss/$(DEPDIR)/ChannelBinding.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@org/ietf/jgss/$(DEPDIR)/GSSContext.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@org/ietf/jgss/$(DEPDIR)/GSSCredential.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@org/ietf/jgss/$(DEPDIR)/GSSException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@org/ietf/jgss/$(DEPDIR)/GSSManager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@org/ietf/jgss/$(DEPDIR)/GSSName.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@org/ietf/jgss/$(DEPDIR)/MessageProp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@org/ietf/jgss/$(DEPDIR)/Oid.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@org/w3c/dom/$(DEPDIR)/Attr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@org/w3c/dom/$(DEPDIR)/CDATASection.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@org/w3c/dom/$(DEPDIR)/CharacterData.Plo@am__quote@
-rm -rf java/util/regex/.libs java/util/regex/_libs
-rm -rf java/util/zip/.libs java/util/zip/_libs
-rm -rf javax/accessibility/.libs javax/accessibility/_libs
+ -rm -rf javax/crypto/.libs javax/crypto/_libs
+ -rm -rf javax/crypto/interfaces/.libs javax/crypto/interfaces/_libs
+ -rm -rf javax/crypto/spec/.libs javax/crypto/spec/_libs
-rm -rf javax/imageio/.libs javax/imageio/_libs
-rm -rf javax/imageio/event/.libs javax/imageio/event/_libs
-rm -rf javax/imageio/spi/.libs javax/imageio/spi/_libs
-rm -rf javax/naming/event/.libs javax/naming/event/_libs
-rm -rf javax/naming/ldap/.libs javax/naming/ldap/_libs
-rm -rf javax/naming/spi/.libs javax/naming/spi/_libs
+ -rm -rf javax/net/.libs javax/net/_libs
+ -rm -rf javax/net/ssl/.libs javax/net/ssl/_libs
-rm -rf javax/print/.libs javax/print/_libs
-rm -rf javax/print/attribute/.libs javax/print/attribute/_libs
-rm -rf javax/print/attribute/standard/.libs javax/print/attribute/standard/_libs
-rm -rf javax/print/event/.libs javax/print/event/_libs
+ -rm -rf javax/security/auth/.libs javax/security/auth/_libs
+ -rm -rf javax/security/auth/callback/.libs javax/security/auth/callback/_libs
+ -rm -rf javax/security/auth/login/.libs javax/security/auth/login/_libs
-rm -rf javax/security/auth/x500/.libs javax/security/auth/x500/_libs
+ -rm -rf javax/security/cert/.libs javax/security/cert/_libs
+ -rm -rf javax/security/sasl/.libs javax/security/sasl/_libs
-rm -rf javax/sql/.libs javax/sql/_libs
-rm -rf javax/swing/.libs javax/swing/_libs
-rm -rf javax/swing/border/.libs javax/swing/border/_libs
-rm -rf javax/transaction/xa/.libs javax/transaction/xa/_libs
-rm -rf jni/classpath/.libs jni/classpath/_libs
-rm -rf jni/gtk-peer/.libs jni/gtk-peer/_libs
+ -rm -rf org/ietf/jgss/.libs org/ietf/jgss/_libs
-rm -rf org/w3c/dom/.libs org/w3c/dom/_libs
-rm -rf org/w3c/dom/ranges/.libs org/w3c/dom/ranges/_libs
-rm -rf org/w3c/dom/traversal/.libs org/w3c/dom/traversal/_libs
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -rm -f javax/naming/$(am__dirstamp)
- -rm -f java/util/logging/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/beans/$(am__dirstamp)
- -rm -f gnu/java/awt/$(am__dirstamp)
- -rm -f javax/swing/border/$(DEPDIR)/$(am__dirstamp)
- -rm -f org/w3c/dom/traversal/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/rmi/activation/$(am__dirstamp)
+ -rm -f java/rmi/server/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/lang/reflect/$(am__dirstamp)
+ -rm -f javax/sql/$(am__dirstamp)
-rm -f java/security/interfaces/$(am__dirstamp)
- -rm -f gnu/java/locale/$(am__dirstamp)
- -rm -f gnu/java/beans/$(am__dirstamp)
- -rm -f gnu/java/net/protocol/jar/$(am__dirstamp)
- -rm -f java/awt/$(am__dirstamp)
- -rm -f org/xml/sax/helpers/$(am__dirstamp)
- -rm -f org/xml/sax/ext/$(am__dirstamp)
- -rm -f java/security/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/net/protocol/file/$(DEPDIR)/$(am__dirstamp)
- -rm -f org/w3c/dom/$(DEPDIR)/$(am__dirstamp)
+ -rm -f jni/classpath/$(am__dirstamp)
+ -rm -f java/awt/datatransfer/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/security/provider/$(am__dirstamp)
+ -rm -f java/util/regex/$(am__dirstamp)
+ -rm -f gnu/java/nio/channels/$(am__dirstamp)
+ -rm -f javax/naming/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/security/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/net/$(am__dirstamp)
+ -rm -f java/lang/reflect/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/imageio/spi/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/lang/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/print/$(am__dirstamp)
+ -rm -f gnu/regexp/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/awt/dnd/peer/$(am__dirstamp)
+ -rm -f gnu/java/rmi/dgc/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/util/prefs/$(am__dirstamp)
+ -rm -f java/nio/charset/$(am__dirstamp)
+ -rm -f gnu/java/nio/channels/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/crypto/spec/$(am__dirstamp)
+ -rm -f java/awt/print/$(am__dirstamp)
+ -rm -f gnu/java/security/action/$(am__dirstamp)
+ -rm -f java/applet/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/security/auth/$(am__dirstamp)
-rm -f javax/swing/colorchooser/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/awt/dnd/$(am__dirstamp)
+ -rm -f java/sql/$(am__dirstamp)
+ -rm -f jni/classpath/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/awt/image/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/security/der/$(am__dirstamp)
+ -rm -f java/util/zip/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/imageio/spi/$(am__dirstamp)
+ -rm -f gnu/gcj/runtime/$(am__dirstamp)
+ -rm -f javax/security/auth/callback/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/swing/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/swing/$(am__dirstamp)
+ -rm -f java/io/$(am__dirstamp)
+ -rm -f java/awt/geom/$(am__dirstamp)
+ -rm -f javax/security/auth/x500/$(am__dirstamp)
+ -rm -f javax/imageio/$(am__dirstamp)
+ -rm -f gnu/awt/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/rmi/activation/$(am__dirstamp)
+ -rm -f java/lang/ref/$(am__dirstamp)
+ -rm -f javax/security/auth/callback/$(am__dirstamp)
+ -rm -f java/util/prefs/$(am__dirstamp)
+ -rm -f javax/crypto/interfaces/$(am__dirstamp)
+ -rm -f java/rmi/dgc/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/net/ssl/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/io/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/gcj/io/$(DEPDIR)/$(am__dirstamp)
+ -rm -f jni/gtk-peer/$(am__dirstamp)
+ -rm -f gnu/gcj/xlib/$(am__dirstamp)
+ -rm -f javax/swing/text/html/$(am__dirstamp)
+ -rm -f java/awt/image/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/rmi/rmic/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/nio/$(am__dirstamp)
+ -rm -f javax/swing/plaf/basic/$(am__dirstamp)
-rm -f java/util/prefs/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/lang/$(am__dirstamp)
- -rm -f java/lang/reflect/$(am__dirstamp)
- -rm -f java/math/$(am__dirstamp)
+ -rm -f gnu/java/beans/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/naming/$(am__dirstamp)
+ -rm -f java/rmi/$(am__dirstamp)
+ -rm -f java/nio/charset/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/awt/im/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/util/$(am__dirstamp)
+ -rm -f gnu/java/io/$(am__dirstamp)
-rm -f gnu/java/net/protocol/file/$(am__dirstamp)
+ -rm -f java/math/$(am__dirstamp)
+ -rm -f javax/swing/table/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/swing/colorchooser/$(am__dirstamp)
+ -rm -f gnu/java/rmi/dgc/$(am__dirstamp)
+ -rm -f javax/swing/text/html/parser/$(am__dirstamp)
+ -rm -f javax/security/sasl/$(am__dirstamp)
+ -rm -f javax/security/auth/login/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/security/x509/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/rmi/$(DEPDIR)/$(am__dirstamp)
-rm -f javax/transaction/xa/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/naming/ldap/$(am__dirstamp)
- -rm -f java/awt/geom/$(am__dirstamp)
- -rm -f gnu/java/security/provider/$(am__dirstamp)
+ -rm -f gnu/java/security/der/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/beans/beancontext/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/awt/$(am__dirstamp)
+ -rm -f javax/swing/undo/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/awt/j2d/$(am__dirstamp)
+ -rm -f java/awt/peer/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/swing/text/$(am__dirstamp)
+ -rm -f java/rmi/registry/$(DEPDIR)/$(am__dirstamp)
+ -rm -f org/w3c/dom/ranges/$(am__dirstamp)
+ -rm -f javax/sql/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/security/auth/x500/$(DEPDIR)/$(am__dirstamp)
-rm -f javax/naming/event/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/awt/font/$(am__dirstamp)
- -rm -f java/text/$(am__dirstamp)
- -rm -f gnu/java/util/prefs/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/rmi/rmic/$(am__dirstamp)
- -rm -f javax/print/event/$(am__dirstamp)
- -rm -f gnu/java/nio/charset/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/rmi/dgc/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/security/$(am__dirstamp)
- -rm -f javax/swing/plaf/metal/$(am__dirstamp)
+ -rm -f java/security/cert/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/rmi/server/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/beans/$(am__dirstamp)
+ -rm -f java/awt/image/renderable/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/naming/directory/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/imageio/stream/$(am__dirstamp)
+ -rm -f javax/imageio/stream/$(DEPDIR)/$(am__dirstamp)
-rm -f gnu/gcj/convert/$(am__dirstamp)
- -rm -f java/nio/channels/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/rmi/dgc/$(am__dirstamp)
- -rm -f gnu/gcj/runtime/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/math/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/text/$(am__dirstamp)
+ -rm -f java/beans/$(am__dirstamp)
+ -rm -f java/security/acl/$(DEPDIR)/$(am__dirstamp)
+ -rm -f org/ietf/jgss/$(am__dirstamp)
+ -rm -f gnu/java/net/protocol/gcjlib/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/classpath/$(am__dirstamp)
+ -rm -f javax/print/event/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/awt/datatransfer/$(am__dirstamp)
+ -rm -f javax/swing/plaf/metal/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/swing/filechooser/$(am__dirstamp)
+ -rm -f jni/gtk-peer/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/gcj/xlib/$(DEPDIR)/$(am__dirstamp)
-rm -f gnu/java/util/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/gcj/runtime/$(am__dirstamp)
- -rm -f java/nio/charset/$(am__dirstamp)
- -rm -f jni/classpath/$(am__dirstamp)
- -rm -f gnu/awt/$(am__dirstamp)
- -rm -f javax/security/auth/x500/$(am__dirstamp)
- -rm -f java/awt/dnd/peer/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/swing/border/$(am__dirstamp)
- -rm -f gnu/java/nio/channels/$(DEPDIR)/$(am__dirstamp)
- -rm -f jni/classpath/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/swing/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/print/attribute/standard/$(am__dirstamp)
+ -rm -f java/lang/ref/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/net/ssl/$(am__dirstamp)
+ -rm -f java/text/$(am__dirstamp)
+ -rm -f gnu/java/net/protocol/jar/$(am__dirstamp)
+ -rm -f sysdep/$(am__dirstamp)
+ -rm -f java/awt/im/spi/$(am__dirstamp)
+ -rm -f gnu/java/rmi/registry/$(am__dirstamp)
+ -rm -f javax/security/sasl/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/locale/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/math/$(DEPDIR)/$(am__dirstamp)
+ -rm -f org/xml/sax/ext/$(am__dirstamp)
+ -rm -f java/security/interfaces/$(DEPDIR)/$(am__dirstamp)
+ -rm -f org/w3c/dom/$(am__dirstamp)
+ -rm -f org/xml/sax/helpers/$(am__dirstamp)
+ -rm -f javax/swing/filechooser/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/util/$(am__dirstamp)
-rm -f java/net/$(am__dirstamp)
- -rm -f javax/swing/tree/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/naming/ldap/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/awt/font/$(am__dirstamp)
+ -rm -f gnu/java/awt/peer/gtk/$(DEPDIR)/$(am__dirstamp)
+ -rm -f org/xml/sax/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/gcj/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/awt/peer/gtk/$(am__dirstamp)
+ -rm -f javax/crypto/spec/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/security/spec/$(am__dirstamp)
-rm -f gnu/java/nio/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/awt/peer/$(am__dirstamp)
- -rm -f java/awt/image/renderable/$(am__dirstamp)
-rm -f gnu/java/security/$(am__dirstamp)
+ -rm -f javax/print/attribute/$(am__dirstamp)
+ -rm -f org/w3c/dom/ranges/$(DEPDIR)/$(am__dirstamp)
-rm -f javax/naming/spi/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/nio/$(am__dirstamp)
- -rm -f java/nio/charset/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/net/protocol/core/$(am__dirstamp)
- -rm -f gnu/java/nio/$(am__dirstamp)
- -rm -f java/lang/ref/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/rmi/dgc/$(am__dirstamp)
- -rm -f java/awt/peer/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/awt/color/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/util/zip/$(am__dirstamp)
- -rm -f java/awt/datatransfer/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/awt/image/renderable/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/util/zip/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/swing/plaf/basic/$(am__dirstamp)
- -rm -f gnu/gcj/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/swing/plaf/basic/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/awt/xlib/$(am__dirstamp)
- -rm -f gnu/awt/j2d/$(am__dirstamp)
+ -rm -f gnu/java/net/protocol/http/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/beans/$(DEPDIR)/$(am__dirstamp)
-rm -f java/util/jar/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/lang/reflect/$(am__dirstamp)
- -rm -f javax/print/attribute/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/swing/colorchooser/$(am__dirstamp)
- -rm -f javax/print/attribute/$(am__dirstamp)
- -rm -f javax/print/$(am__dirstamp)
- -rm -f java/security/cert/$(am__dirstamp)
- -rm -f gnu/awt/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/naming/directory/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/security/action/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/security/x509/$(DEPDIR)/$(am__dirstamp)
- -rm -f org/w3c/dom/$(am__dirstamp)
- -rm -f java/nio/channels/spi/$(am__dirstamp)
- -rm -f gnu/java/lang/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/rmi/server/$(am__dirstamp)
- -rm -f gnu/gcj/xlib/$(am__dirstamp)
- -rm -f gnu/java/rmi/server/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/applet/$(am__dirstamp)
+ -rm -f javax/swing/plaf/metal/$(am__dirstamp)
+ -rm -f org/ietf/jgss/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/nio/channels/spi/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/net/protocol/http/$(am__dirstamp)
-rm -f java/awt/color/$(am__dirstamp)
- -rm -f java/awt/print/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/lang/reflect/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/security/der/$(am__dirstamp)
- -rm -f gnu/java/net/protocol/http/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/swing/text/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/util/prefs/$(am__dirstamp)
- -rm -f gnu/java/security/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/awt/print/$(am__dirstamp)
- -rm -f java/awt/geom/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/imageio/event/$(am__dirstamp)
- -rm -f javax/imageio/spi/$(am__dirstamp)
+ -rm -f gnu/java/security/action/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/swing/border/$(am__dirstamp)
+ -rm -f javax/print/event/$(am__dirstamp)
+ -rm -f javax/swing/event/$(am__dirstamp)
+ -rm -f gnu/gcj/$(am__dirstamp)
-rm -f gnu/gcj/io/$(am__dirstamp)
- -rm -f gnu/java/nio/charset/$(am__dirstamp)
+ -rm -f gnu/java/security/util/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/security/util/$(am__dirstamp)
+ -rm -f gnu/java/nio/charset/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/util/zip/$(am__dirstamp)
+ -rm -f gnu/awt/xlib/$(am__dirstamp)
+ -rm -f java/util/logging/$(am__dirstamp)
+ -rm -f java/text/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/awt/color/$(DEPDIR)/$(am__dirstamp)
-rm -f javax/swing/plaf/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/naming/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/net/protocol/gcjlib/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/nio/channels/spi/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/awt/im/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/transaction/xa/$(am__dirstamp)
- -rm -f javax/swing/table/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/security/cert/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/beans/$(DEPDIR)/$(am__dirstamp)
- -rm -f org/w3c/dom/traversal/$(am__dirstamp)
- -rm -f javax/swing/$(am__dirstamp)
- -rm -f java/rmi/registry/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/awt/image/$(am__dirstamp)
- -rm -f javax/naming/directory/$(am__dirstamp)
- -rm -f javax/swing/plaf/metal/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/lang/reflect/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/imageio/spi/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/print/event/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/net/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/nio/charset/spi/$(am__dirstamp)
+ -rm -f org/w3c/dom/traversal/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/swing/undo/$(am__dirstamp)
+ -rm -f gnu/java/math/$(am__dirstamp)
+ -rm -f org/xml/sax/helpers/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/text/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/swing/text/html/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/naming/ldap/$(am__dirstamp)
+ -rm -f javax/swing/text/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/net/protocol/core/$(DEPDIR)/$(am__dirstamp)
-rm -f java/nio/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/swing/tree/$(am__dirstamp)
- -rm -f gnu/java/rmi/dgc/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/awt/image/$(DEPDIR)/$(am__dirstamp)
- -rm -f sysdep/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/text/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/classpath/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/rmi/$(am__dirstamp)
- -rm -f javax/imageio/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/awt/xlib/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/beans/editors/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/nio/channels/$(am__dirstamp)
+ -rm -f gnu/java/rmi/server/$(am__dirstamp)
+ -rm -f java/util/logging/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/gcj/convert/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/awt/image/$(am__dirstamp)
+ -rm -f java/nio/channels/spi/$(am__dirstamp)
+ -rm -f gnu/java/nio/charset/$(am__dirstamp)
-rm -f gnu/java/security/x509/$(am__dirstamp)
- -rm -f gnu/java/awt/image/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/beans/beancontext/$(am__dirstamp)
- -rm -f gnu/java/rmi/$(am__dirstamp)
- -rm -f gnu/regexp/$(am__dirstamp)
- -rm -f java/security/interfaces/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/net/protocol/http/$(am__dirstamp)
- -rm -f jni/gtk-peer/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/awt/peer/gtk/$(am__dirstamp)
- -rm -f javax/accessibility/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/imageio/event/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/accessibility/$(am__dirstamp)
- -rm -f gnu/java/awt/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/regexp/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/security/util/$(am__dirstamp)
+ -rm -f java/security/$(am__dirstamp)
+ -rm -f javax/transaction/xa/$(am__dirstamp)
+ -rm -f gnu/awt/xlib/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/awt/im/spi/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/security/spec/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/awt/dnd/peer/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/crypto/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/sql/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/swing/tree/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/awt/j2d/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/util/prefs/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/locale/$(am__dirstamp)
+ -rm -f javax/security/cert/$(am__dirstamp)
+ -rm -f gnu/java/nio/$(am__dirstamp)
+ -rm -f gnu/java/lang/reflect/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/rmi/rmic/$(am__dirstamp)
+ -rm -f javax/print/attribute/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/lang/reflect/$(am__dirstamp)
+ -rm -f java/awt/$(am__dirstamp)
+ -rm -f org/xml/sax/$(am__dirstamp)
-rm -f javax/print/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/rmi/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/nio/channels/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/util/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/awt/geom/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/awt/dnd/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/transaction/$(am__dirstamp)
+ -rm -f javax/accessibility/$(am__dirstamp)
+ -rm -f java/rmi/dgc/$(am__dirstamp)
+ -rm -f gnu/awt/$(am__dirstamp)
+ -rm -f javax/swing/border/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/transaction/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/imageio/event/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/security/auth/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/beans/editors/$(am__dirstamp)
+ -rm -f javax/security/auth/login/$(am__dirstamp)
+ -rm -f gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/rmi/$(DEPDIR)/$(am__dirstamp)
-rm -f java/awt/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/util/regex/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/net/$(DEPDIR)/$(am__dirstamp)
-rm -f java/awt/event/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/beans/editors/$(am__dirstamp)
- -rm -f java/nio/charset/spi/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/text/$(am__dirstamp)
- -rm -f gnu/classpath/$(am__dirstamp)
- -rm -f java/math/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/net/$(am__dirstamp)
- -rm -f javax/swing/text/$(am__dirstamp)
- -rm -f javax/swing/table/$(am__dirstamp)
- -rm -f gnu/java/beans/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/swing/text/html/$(am__dirstamp)
- -rm -f java/io/$(am__dirstamp)
- -rm -f gnu/gcj/$(am__dirstamp)
- -rm -f java/util/jar/$(am__dirstamp)
- -rm -f javax/print/attribute/standard/$(am__dirstamp)
- -rm -f javax/security/auth/x500/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/naming/spi/$(am__dirstamp)
- -rm -f javax/swing/filechooser/$(am__dirstamp)
- -rm -f javax/swing/event/$(am__dirstamp)
- -rm -f javax/sql/$(am__dirstamp)
- -rm -f java/awt/image/$(am__dirstamp)
- -rm -f gnu/java/beans/info/$(am__dirstamp)
+ -rm -f java/io/$(DEPDIR)/$(am__dirstamp)
-rm -f java/awt/event/$(am__dirstamp)
- -rm -f gnu/java/net/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/classpath/$(DEPDIR)/$(am__dirstamp)
+ -rm -f org/xml/sax/ext/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/accessibility/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/gcj/runtime/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/security/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/awt/print/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/lang/$(am__dirstamp)
+ -rm -f gnu/regexp/$(am__dirstamp)
+ -rm -f gnu/java/rmi/$(am__dirstamp)
+ -rm -f javax/swing/plaf/basic/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/naming/directory/$(am__dirstamp)
+ -rm -f java/rmi/activation/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/net/protocol/file/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/net/$(am__dirstamp)
+ -rm -f gnu/java/awt/peer/$(am__dirstamp)
+ -rm -f gnu/java/awt/$(DEPDIR)/$(am__dirstamp)
-rm -f gnu/java/rmi/registry/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/transaction/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/util/$(am__dirstamp)
- -rm -f gnu/java/io/$(am__dirstamp)
- -rm -f java/beans/beancontext/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/util/regex/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/beans/info/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/swing/undo/$(am__dirstamp)
- -rm -f java/awt/dnd/peer/$(am__dirstamp)
- -rm -f javax/swing/undo/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/rmi/registry/$(am__dirstamp)
- -rm -f sysdep/$(am__dirstamp)
- -rm -f java/applet/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/swing/event/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/nio/charset/spi/$(DEPDIR)/$(am__dirstamp)
-rm -f javax/swing/text/html/parser/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/lang/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/imageio/$(am__dirstamp)
- -rm -f java/sql/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/awt/peer/$(am__dirstamp)
- -rm -f java/rmi/activation/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/swing/text/html/parser/$(am__dirstamp)
- -rm -f gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/security/spec/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/rmi/registry/$(am__dirstamp)
- -rm -f gnu/java/awt/peer/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/security/der/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/sql/$(DEPDIR)/$(am__dirstamp)
- -rm -f org/w3c/dom/ranges/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/security/acl/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/rmi/server/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/swing/table/$(am__dirstamp)
-rm -f gnu/java/net/protocol/gcjlib/$(am__dirstamp)
- -rm -f gnu/java/locale/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/awt/datatransfer/$(am__dirstamp)
- -rm -f gnu/java/util/prefs/$(am__dirstamp)
- -rm -f java/security/spec/$(am__dirstamp)
- -rm -f java/util/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/net/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/lang/ref/$(am__dirstamp)
- -rm -f gnu/java/util/$(am__dirstamp)
- -rm -f gnu/java/nio/channels/$(am__dirstamp)
- -rm -f java/rmi/$(DEPDIR)/$(am__dirstamp)
- -rm -f org/xml/sax/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/rmi/rmic/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/transaction/$(am__dirstamp)
- -rm -f gnu/java/math/$(am__dirstamp)
- -rm -f java/util/regex/$(am__dirstamp)
- -rm -f gnu/java/security/action/$(am__dirstamp)
+ -rm -f org/w3c/dom/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/beans/info/$(am__dirstamp)
+ -rm -f javax/naming/spi/$(am__dirstamp)
+ -rm -f javax/crypto/interfaces/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/swing/tree/$(am__dirstamp)
+ -rm -f javax/net/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/net/protocol/core/$(am__dirstamp)
+ -rm -f java/awt/peer/$(am__dirstamp)
+ -rm -f javax/imageio/event/$(am__dirstamp)
+ -rm -f gnu/java/awt/peer/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/imageio/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/security/acl/$(am__dirstamp)
+ -rm -f gnu/java/beans/info/$(DEPDIR)/$(am__dirstamp)
-rm -f gnu/java/net/protocol/jar/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/nio/charset/spi/$(am__dirstamp)
+ -rm -f java/beans/beancontext/$(am__dirstamp)
+ -rm -f sysdep/$(DEPDIR)/$(am__dirstamp)
+ -rm -f org/w3c/dom/traversal/$(am__dirstamp)
-rm -f java/awt/im/$(am__dirstamp)
- -rm -f javax/swing/text/html/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/awt/im/spi/$(am__dirstamp)
- -rm -f java/io/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/java/security/util/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/awt/dnd/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/imageio/stream/$(am__dirstamp)
- -rm -f org/w3c/dom/ranges/$(am__dirstamp)
- -rm -f java/awt/dnd/$(am__dirstamp)
- -rm -f gnu/java/beans/editors/$(DEPDIR)/$(am__dirstamp)
-rm -f java/awt/font/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/math/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/naming/ldap/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/awt/image/renderable/$(am__dirstamp)
+ -rm -f javax/naming/event/$(am__dirstamp)
+ -rm -f java/awt/image/$(am__dirstamp)
-rm -f javax/swing/plaf/$(am__dirstamp)
- -rm -f java/util/logging/$(am__dirstamp)
- -rm -f gnu/java/net/protocol/core/$(DEPDIR)/$(am__dirstamp)
- -rm -f jni/gtk-peer/$(am__dirstamp)
- -rm -f gnu/gcj/xlib/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/print/attribute/standard/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/rmi/registry/$(am__dirstamp)
-rm -f java/rmi/server/$(am__dirstamp)
- -rm -f gnu/awt/j2d/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/swing/event/$(DEPDIR)/$(am__dirstamp)
- -rm -f org/xml/sax/$(am__dirstamp)
- -rm -f gnu/java/awt/peer/gtk/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/security/acl/$(am__dirstamp)
- -rm -f gnu/java/io/$(DEPDIR)/$(am__dirstamp)
- -rm -f org/xml/sax/ext/$(DEPDIR)/$(am__dirstamp)
- -rm -f org/xml/sax/helpers/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/awt/im/spi/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/gcj/convert/$(DEPDIR)/$(am__dirstamp)
+ -rm -f javax/crypto/$(am__dirstamp)
+ -rm -f javax/print/attribute/standard/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/security/cert/$(am__dirstamp)
+ -rm -f gnu/java/lang/$(DEPDIR)/$(am__dirstamp)
+ -rm -f java/util/jar/$(am__dirstamp)
+ -rm -f javax/security/cert/$(DEPDIR)/$(am__dirstamp)
-rm -f java/lang/$(am__dirstamp)
- -rm -f gnu/java/text/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/nio/channels/$(am__dirstamp)
- -rm -f java/sql/$(am__dirstamp)
- -rm -f javax/imageio/stream/$(DEPDIR)/$(am__dirstamp)
- -rm -f gnu/gcj/io/$(DEPDIR)/$(am__dirstamp)
- -rm -f javax/swing/filechooser/$(DEPDIR)/$(am__dirstamp)
- -rm -f java/applet/$(am__dirstamp)
- -rm -f javax/naming/event/$(am__dirstamp)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
distclean: distclean-recursive
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
- -rm -rf ./$(DEPDIR) gnu/awt/$(DEPDIR) gnu/awt/j2d/$(DEPDIR) gnu/awt/xlib/$(DEPDIR) gnu/classpath/$(DEPDIR) gnu/gcj/$(DEPDIR) gnu/gcj/convert/$(DEPDIR) gnu/gcj/io/$(DEPDIR) gnu/gcj/runtime/$(DEPDIR) gnu/gcj/xlib/$(DEPDIR) gnu/java/awt/$(DEPDIR) gnu/java/awt/image/$(DEPDIR) gnu/java/awt/peer/$(DEPDIR) gnu/java/awt/peer/gtk/$(DEPDIR) gnu/java/beans/$(DEPDIR) gnu/java/beans/editors/$(DEPDIR) gnu/java/beans/info/$(DEPDIR) gnu/java/io/$(DEPDIR) gnu/java/lang/$(DEPDIR) gnu/java/lang/reflect/$(DEPDIR) gnu/java/locale/$(DEPDIR) gnu/java/math/$(DEPDIR) gnu/java/net/$(DEPDIR) gnu/java/net/protocol/core/$(DEPDIR) gnu/java/net/protocol/file/$(DEPDIR) gnu/java/net/protocol/gcjlib/$(DEPDIR) gnu/java/net/protocol/http/$(DEPDIR) gnu/java/net/protocol/jar/$(DEPDIR) gnu/java/nio/$(DEPDIR) gnu/java/nio/channels/$(DEPDIR) gnu/java/nio/charset/$(DEPDIR) gnu/java/rmi/$(DEPDIR) gnu/java/rmi/dgc/$(DEPDIR) gnu/java/rmi/registry/$(DEPDIR) gnu/java/rmi/rmic/$(DEPDIR) gnu/java/rmi/server/$(DEPDIR) gnu/java/security/$(DEPDIR) gnu/java/security/action/$(DEPDIR) gnu/java/security/der/$(DEPDIR) gnu/java/security/provider/$(DEPDIR) gnu/java/security/util/$(DEPDIR) gnu/java/security/x509/$(DEPDIR) gnu/java/text/$(DEPDIR) gnu/java/util/$(DEPDIR) gnu/java/util/prefs/$(DEPDIR) gnu/regexp/$(DEPDIR) java/applet/$(DEPDIR) java/awt/$(DEPDIR) java/awt/color/$(DEPDIR) java/awt/datatransfer/$(DEPDIR) java/awt/dnd/$(DEPDIR) java/awt/dnd/peer/$(DEPDIR) java/awt/event/$(DEPDIR) java/awt/font/$(DEPDIR) java/awt/geom/$(DEPDIR) java/awt/im/$(DEPDIR) java/awt/im/spi/$(DEPDIR) java/awt/image/$(DEPDIR) java/awt/image/renderable/$(DEPDIR) java/awt/peer/$(DEPDIR) java/awt/print/$(DEPDIR) java/beans/$(DEPDIR) java/beans/beancontext/$(DEPDIR) java/io/$(DEPDIR) java/lang/$(DEPDIR) java/lang/ref/$(DEPDIR) java/lang/reflect/$(DEPDIR) java/math/$(DEPDIR) java/net/$(DEPDIR) java/nio/$(DEPDIR) java/nio/channels/$(DEPDIR) java/nio/channels/spi/$(DEPDIR) java/nio/charset/$(DEPDIR) java/nio/charset/spi/$(DEPDIR) java/rmi/$(DEPDIR) java/rmi/activation/$(DEPDIR) java/rmi/dgc/$(DEPDIR) java/rmi/registry/$(DEPDIR) java/rmi/server/$(DEPDIR) java/security/$(DEPDIR) java/security/acl/$(DEPDIR) java/security/cert/$(DEPDIR) java/security/interfaces/$(DEPDIR) java/security/spec/$(DEPDIR) java/sql/$(DEPDIR) java/text/$(DEPDIR) java/util/$(DEPDIR) java/util/jar/$(DEPDIR) java/util/logging/$(DEPDIR) java/util/prefs/$(DEPDIR) java/util/regex/$(DEPDIR) java/util/zip/$(DEPDIR) javax/accessibility/$(DEPDIR) javax/imageio/$(DEPDIR) javax/imageio/event/$(DEPDIR) javax/imageio/spi/$(DEPDIR) javax/imageio/stream/$(DEPDIR) javax/naming/$(DEPDIR) javax/naming/directory/$(DEPDIR) javax/naming/event/$(DEPDIR) javax/naming/ldap/$(DEPDIR) javax/naming/spi/$(DEPDIR) javax/print/$(DEPDIR) javax/print/attribute/$(DEPDIR) javax/print/attribute/standard/$(DEPDIR) javax/print/event/$(DEPDIR) javax/security/auth/x500/$(DEPDIR) javax/sql/$(DEPDIR) javax/swing/$(DEPDIR) javax/swing/border/$(DEPDIR) javax/swing/colorchooser/$(DEPDIR) javax/swing/event/$(DEPDIR) javax/swing/filechooser/$(DEPDIR) javax/swing/plaf/$(DEPDIR) javax/swing/plaf/basic/$(DEPDIR) javax/swing/plaf/metal/$(DEPDIR) javax/swing/table/$(DEPDIR) javax/swing/text/$(DEPDIR) javax/swing/text/html/$(DEPDIR) javax/swing/text/html/parser/$(DEPDIR) javax/swing/tree/$(DEPDIR) javax/swing/undo/$(DEPDIR) javax/transaction/$(DEPDIR) javax/transaction/xa/$(DEPDIR) jni/classpath/$(DEPDIR) jni/gtk-peer/$(DEPDIR) org/w3c/dom/$(DEPDIR) org/w3c/dom/ranges/$(DEPDIR) org/w3c/dom/traversal/$(DEPDIR) org/xml/sax/$(DEPDIR) org/xml/sax/ext/$(DEPDIR) org/xml/sax/helpers/$(DEPDIR) sysdep/$(DEPDIR)
+ -rm -rf ./$(DEPDIR) gnu/awt/$(DEPDIR) gnu/awt/j2d/$(DEPDIR) gnu/awt/xlib/$(DEPDIR) gnu/classpath/$(DEPDIR) gnu/gcj/$(DEPDIR) gnu/gcj/convert/$(DEPDIR) gnu/gcj/io/$(DEPDIR) gnu/gcj/runtime/$(DEPDIR) gnu/gcj/xlib/$(DEPDIR) gnu/java/awt/$(DEPDIR) gnu/java/awt/image/$(DEPDIR) gnu/java/awt/peer/$(DEPDIR) gnu/java/awt/peer/gtk/$(DEPDIR) gnu/java/beans/$(DEPDIR) gnu/java/beans/editors/$(DEPDIR) gnu/java/beans/info/$(DEPDIR) gnu/java/io/$(DEPDIR) gnu/java/lang/$(DEPDIR) gnu/java/lang/reflect/$(DEPDIR) gnu/java/locale/$(DEPDIR) gnu/java/math/$(DEPDIR) gnu/java/net/$(DEPDIR) gnu/java/net/protocol/core/$(DEPDIR) gnu/java/net/protocol/file/$(DEPDIR) gnu/java/net/protocol/gcjlib/$(DEPDIR) gnu/java/net/protocol/http/$(DEPDIR) gnu/java/net/protocol/jar/$(DEPDIR) gnu/java/nio/$(DEPDIR) gnu/java/nio/channels/$(DEPDIR) gnu/java/nio/charset/$(DEPDIR) gnu/java/rmi/$(DEPDIR) gnu/java/rmi/dgc/$(DEPDIR) gnu/java/rmi/registry/$(DEPDIR) gnu/java/rmi/rmic/$(DEPDIR) gnu/java/rmi/server/$(DEPDIR) gnu/java/security/$(DEPDIR) gnu/java/security/action/$(DEPDIR) gnu/java/security/der/$(DEPDIR) gnu/java/security/provider/$(DEPDIR) gnu/java/security/util/$(DEPDIR) gnu/java/security/x509/$(DEPDIR) gnu/java/text/$(DEPDIR) gnu/java/util/$(DEPDIR) gnu/java/util/prefs/$(DEPDIR) gnu/regexp/$(DEPDIR) java/applet/$(DEPDIR) java/awt/$(DEPDIR) java/awt/color/$(DEPDIR) java/awt/datatransfer/$(DEPDIR) java/awt/dnd/$(DEPDIR) java/awt/dnd/peer/$(DEPDIR) java/awt/event/$(DEPDIR) java/awt/font/$(DEPDIR) java/awt/geom/$(DEPDIR) java/awt/im/$(DEPDIR) java/awt/im/spi/$(DEPDIR) java/awt/image/$(DEPDIR) java/awt/image/renderable/$(DEPDIR) java/awt/peer/$(DEPDIR) java/awt/print/$(DEPDIR) java/beans/$(DEPDIR) java/beans/beancontext/$(DEPDIR) java/io/$(DEPDIR) java/lang/$(DEPDIR) java/lang/ref/$(DEPDIR) java/lang/reflect/$(DEPDIR) java/math/$(DEPDIR) java/net/$(DEPDIR) java/nio/$(DEPDIR) java/nio/channels/$(DEPDIR) java/nio/channels/spi/$(DEPDIR) java/nio/charset/$(DEPDIR) java/nio/charset/spi/$(DEPDIR) java/rmi/$(DEPDIR) java/rmi/activation/$(DEPDIR) java/rmi/dgc/$(DEPDIR) java/rmi/registry/$(DEPDIR) java/rmi/server/$(DEPDIR) java/security/$(DEPDIR) java/security/acl/$(DEPDIR) java/security/cert/$(DEPDIR) java/security/interfaces/$(DEPDIR) java/security/spec/$(DEPDIR) java/sql/$(DEPDIR) java/text/$(DEPDIR) java/util/$(DEPDIR) java/util/jar/$(DEPDIR) java/util/logging/$(DEPDIR) java/util/prefs/$(DEPDIR) java/util/regex/$(DEPDIR) java/util/zip/$(DEPDIR) javax/accessibility/$(DEPDIR) javax/crypto/$(DEPDIR) javax/crypto/interfaces/$(DEPDIR) javax/crypto/spec/$(DEPDIR) javax/imageio/$(DEPDIR) javax/imageio/event/$(DEPDIR) javax/imageio/spi/$(DEPDIR) javax/imageio/stream/$(DEPDIR) javax/naming/$(DEPDIR) javax/naming/directory/$(DEPDIR) javax/naming/event/$(DEPDIR) javax/naming/ldap/$(DEPDIR) javax/naming/spi/$(DEPDIR) javax/net/$(DEPDIR) javax/net/ssl/$(DEPDIR) javax/print/$(DEPDIR) javax/print/attribute/$(DEPDIR) javax/print/attribute/standard/$(DEPDIR) javax/print/event/$(DEPDIR) javax/security/auth/$(DEPDIR) javax/security/auth/callback/$(DEPDIR) javax/security/auth/login/$(DEPDIR) javax/security/auth/x500/$(DEPDIR) javax/security/cert/$(DEPDIR) javax/security/sasl/$(DEPDIR) javax/sql/$(DEPDIR) javax/swing/$(DEPDIR) javax/swing/border/$(DEPDIR) javax/swing/colorchooser/$(DEPDIR) javax/swing/event/$(DEPDIR) javax/swing/filechooser/$(DEPDIR) javax/swing/plaf/$(DEPDIR) javax/swing/plaf/basic/$(DEPDIR) javax/swing/plaf/metal/$(DEPDIR) javax/swing/table/$(DEPDIR) javax/swing/text/$(DEPDIR) javax/swing/text/html/$(DEPDIR) javax/swing/text/html/parser/$(DEPDIR) javax/swing/tree/$(DEPDIR) javax/swing/undo/$(DEPDIR) javax/transaction/$(DEPDIR) javax/transaction/xa/$(DEPDIR) jni/classpath/$(DEPDIR) jni/gtk-peer/$(DEPDIR) org/ietf/jgss/$(DEPDIR) org/w3c/dom/$(DEPDIR) org/w3c/dom/ranges/$(DEPDIR) org/w3c/dom/traversal/$(DEPDIR) org/xml/sax/$(DEPDIR) org/xml/sax/ext/$(DEPDIR) org/xml/sax/helpers/$(DEPDIR) sysdep/$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-libtool distclean-local distclean-tags
maintainer-clean: maintainer-clean-recursive
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-rm -rf $(top_srcdir)/autom4te.cache
- -rm -rf ./$(DEPDIR) gnu/awt/$(DEPDIR) gnu/awt/j2d/$(DEPDIR) gnu/awt/xlib/$(DEPDIR) gnu/classpath/$(DEPDIR) gnu/gcj/$(DEPDIR) gnu/gcj/convert/$(DEPDIR) gnu/gcj/io/$(DEPDIR) gnu/gcj/runtime/$(DEPDIR) gnu/gcj/xlib/$(DEPDIR) gnu/java/awt/$(DEPDIR) gnu/java/awt/image/$(DEPDIR) gnu/java/awt/peer/$(DEPDIR) gnu/java/awt/peer/gtk/$(DEPDIR) gnu/java/beans/$(DEPDIR) gnu/java/beans/editors/$(DEPDIR) gnu/java/beans/info/$(DEPDIR) gnu/java/io/$(DEPDIR) gnu/java/lang/$(DEPDIR) gnu/java/lang/reflect/$(DEPDIR) gnu/java/locale/$(DEPDIR) gnu/java/math/$(DEPDIR) gnu/java/net/$(DEPDIR) gnu/java/net/protocol/core/$(DEPDIR) gnu/java/net/protocol/file/$(DEPDIR) gnu/java/net/protocol/gcjlib/$(DEPDIR) gnu/java/net/protocol/http/$(DEPDIR) gnu/java/net/protocol/jar/$(DEPDIR) gnu/java/nio/$(DEPDIR) gnu/java/nio/channels/$(DEPDIR) gnu/java/nio/charset/$(DEPDIR) gnu/java/rmi/$(DEPDIR) gnu/java/rmi/dgc/$(DEPDIR) gnu/java/rmi/registry/$(DEPDIR) gnu/java/rmi/rmic/$(DEPDIR) gnu/java/rmi/server/$(DEPDIR) gnu/java/security/$(DEPDIR) gnu/java/security/action/$(DEPDIR) gnu/java/security/der/$(DEPDIR) gnu/java/security/provider/$(DEPDIR) gnu/java/security/util/$(DEPDIR) gnu/java/security/x509/$(DEPDIR) gnu/java/text/$(DEPDIR) gnu/java/util/$(DEPDIR) gnu/java/util/prefs/$(DEPDIR) gnu/regexp/$(DEPDIR) java/applet/$(DEPDIR) java/awt/$(DEPDIR) java/awt/color/$(DEPDIR) java/awt/datatransfer/$(DEPDIR) java/awt/dnd/$(DEPDIR) java/awt/dnd/peer/$(DEPDIR) java/awt/event/$(DEPDIR) java/awt/font/$(DEPDIR) java/awt/geom/$(DEPDIR) java/awt/im/$(DEPDIR) java/awt/im/spi/$(DEPDIR) java/awt/image/$(DEPDIR) java/awt/image/renderable/$(DEPDIR) java/awt/peer/$(DEPDIR) java/awt/print/$(DEPDIR) java/beans/$(DEPDIR) java/beans/beancontext/$(DEPDIR) java/io/$(DEPDIR) java/lang/$(DEPDIR) java/lang/ref/$(DEPDIR) java/lang/reflect/$(DEPDIR) java/math/$(DEPDIR) java/net/$(DEPDIR) java/nio/$(DEPDIR) java/nio/channels/$(DEPDIR) java/nio/channels/spi/$(DEPDIR) java/nio/charset/$(DEPDIR) java/nio/charset/spi/$(DEPDIR) java/rmi/$(DEPDIR) java/rmi/activation/$(DEPDIR) java/rmi/dgc/$(DEPDIR) java/rmi/registry/$(DEPDIR) java/rmi/server/$(DEPDIR) java/security/$(DEPDIR) java/security/acl/$(DEPDIR) java/security/cert/$(DEPDIR) java/security/interfaces/$(DEPDIR) java/security/spec/$(DEPDIR) java/sql/$(DEPDIR) java/text/$(DEPDIR) java/util/$(DEPDIR) java/util/jar/$(DEPDIR) java/util/logging/$(DEPDIR) java/util/prefs/$(DEPDIR) java/util/regex/$(DEPDIR) java/util/zip/$(DEPDIR) javax/accessibility/$(DEPDIR) javax/imageio/$(DEPDIR) javax/imageio/event/$(DEPDIR) javax/imageio/spi/$(DEPDIR) javax/imageio/stream/$(DEPDIR) javax/naming/$(DEPDIR) javax/naming/directory/$(DEPDIR) javax/naming/event/$(DEPDIR) javax/naming/ldap/$(DEPDIR) javax/naming/spi/$(DEPDIR) javax/print/$(DEPDIR) javax/print/attribute/$(DEPDIR) javax/print/attribute/standard/$(DEPDIR) javax/print/event/$(DEPDIR) javax/security/auth/x500/$(DEPDIR) javax/sql/$(DEPDIR) javax/swing/$(DEPDIR) javax/swing/border/$(DEPDIR) javax/swing/colorchooser/$(DEPDIR) javax/swing/event/$(DEPDIR) javax/swing/filechooser/$(DEPDIR) javax/swing/plaf/$(DEPDIR) javax/swing/plaf/basic/$(DEPDIR) javax/swing/plaf/metal/$(DEPDIR) javax/swing/table/$(DEPDIR) javax/swing/text/$(DEPDIR) javax/swing/text/html/$(DEPDIR) javax/swing/text/html/parser/$(DEPDIR) javax/swing/tree/$(DEPDIR) javax/swing/undo/$(DEPDIR) javax/transaction/$(DEPDIR) javax/transaction/xa/$(DEPDIR) jni/classpath/$(DEPDIR) jni/gtk-peer/$(DEPDIR) org/w3c/dom/$(DEPDIR) org/w3c/dom/ranges/$(DEPDIR) org/w3c/dom/traversal/$(DEPDIR) org/xml/sax/$(DEPDIR) org/xml/sax/ext/$(DEPDIR) org/xml/sax/helpers/$(DEPDIR) sysdep/$(DEPDIR)
+ -rm -rf ./$(DEPDIR) gnu/awt/$(DEPDIR) gnu/awt/j2d/$(DEPDIR) gnu/awt/xlib/$(DEPDIR) gnu/classpath/$(DEPDIR) gnu/gcj/$(DEPDIR) gnu/gcj/convert/$(DEPDIR) gnu/gcj/io/$(DEPDIR) gnu/gcj/runtime/$(DEPDIR) gnu/gcj/xlib/$(DEPDIR) gnu/java/awt/$(DEPDIR) gnu/java/awt/image/$(DEPDIR) gnu/java/awt/peer/$(DEPDIR) gnu/java/awt/peer/gtk/$(DEPDIR) gnu/java/beans/$(DEPDIR) gnu/java/beans/editors/$(DEPDIR) gnu/java/beans/info/$(DEPDIR) gnu/java/io/$(DEPDIR) gnu/java/lang/$(DEPDIR) gnu/java/lang/reflect/$(DEPDIR) gnu/java/locale/$(DEPDIR) gnu/java/math/$(DEPDIR) gnu/java/net/$(DEPDIR) gnu/java/net/protocol/core/$(DEPDIR) gnu/java/net/protocol/file/$(DEPDIR) gnu/java/net/protocol/gcjlib/$(DEPDIR) gnu/java/net/protocol/http/$(DEPDIR) gnu/java/net/protocol/jar/$(DEPDIR) gnu/java/nio/$(DEPDIR) gnu/java/nio/channels/$(DEPDIR) gnu/java/nio/charset/$(DEPDIR) gnu/java/rmi/$(DEPDIR) gnu/java/rmi/dgc/$(DEPDIR) gnu/java/rmi/registry/$(DEPDIR) gnu/java/rmi/rmic/$(DEPDIR) gnu/java/rmi/server/$(DEPDIR) gnu/java/security/$(DEPDIR) gnu/java/security/action/$(DEPDIR) gnu/java/security/der/$(DEPDIR) gnu/java/security/provider/$(DEPDIR) gnu/java/security/util/$(DEPDIR) gnu/java/security/x509/$(DEPDIR) gnu/java/text/$(DEPDIR) gnu/java/util/$(DEPDIR) gnu/java/util/prefs/$(DEPDIR) gnu/regexp/$(DEPDIR) java/applet/$(DEPDIR) java/awt/$(DEPDIR) java/awt/color/$(DEPDIR) java/awt/datatransfer/$(DEPDIR) java/awt/dnd/$(DEPDIR) java/awt/dnd/peer/$(DEPDIR) java/awt/event/$(DEPDIR) java/awt/font/$(DEPDIR) java/awt/geom/$(DEPDIR) java/awt/im/$(DEPDIR) java/awt/im/spi/$(DEPDIR) java/awt/image/$(DEPDIR) java/awt/image/renderable/$(DEPDIR) java/awt/peer/$(DEPDIR) java/awt/print/$(DEPDIR) java/beans/$(DEPDIR) java/beans/beancontext/$(DEPDIR) java/io/$(DEPDIR) java/lang/$(DEPDIR) java/lang/ref/$(DEPDIR) java/lang/reflect/$(DEPDIR) java/math/$(DEPDIR) java/net/$(DEPDIR) java/nio/$(DEPDIR) java/nio/channels/$(DEPDIR) java/nio/channels/spi/$(DEPDIR) java/nio/charset/$(DEPDIR) java/nio/charset/spi/$(DEPDIR) java/rmi/$(DEPDIR) java/rmi/activation/$(DEPDIR) java/rmi/dgc/$(DEPDIR) java/rmi/registry/$(DEPDIR) java/rmi/server/$(DEPDIR) java/security/$(DEPDIR) java/security/acl/$(DEPDIR) java/security/cert/$(DEPDIR) java/security/interfaces/$(DEPDIR) java/security/spec/$(DEPDIR) java/sql/$(DEPDIR) java/text/$(DEPDIR) java/util/$(DEPDIR) java/util/jar/$(DEPDIR) java/util/logging/$(DEPDIR) java/util/prefs/$(DEPDIR) java/util/regex/$(DEPDIR) java/util/zip/$(DEPDIR) javax/accessibility/$(DEPDIR) javax/crypto/$(DEPDIR) javax/crypto/interfaces/$(DEPDIR) javax/crypto/spec/$(DEPDIR) javax/imageio/$(DEPDIR) javax/imageio/event/$(DEPDIR) javax/imageio/spi/$(DEPDIR) javax/imageio/stream/$(DEPDIR) javax/naming/$(DEPDIR) javax/naming/directory/$(DEPDIR) javax/naming/event/$(DEPDIR) javax/naming/ldap/$(DEPDIR) javax/naming/spi/$(DEPDIR) javax/net/$(DEPDIR) javax/net/ssl/$(DEPDIR) javax/print/$(DEPDIR) javax/print/attribute/$(DEPDIR) javax/print/attribute/standard/$(DEPDIR) javax/print/event/$(DEPDIR) javax/security/auth/$(DEPDIR) javax/security/auth/callback/$(DEPDIR) javax/security/auth/login/$(DEPDIR) javax/security/auth/x500/$(DEPDIR) javax/security/cert/$(DEPDIR) javax/security/sasl/$(DEPDIR) javax/sql/$(DEPDIR) javax/swing/$(DEPDIR) javax/swing/border/$(DEPDIR) javax/swing/colorchooser/$(DEPDIR) javax/swing/event/$(DEPDIR) javax/swing/filechooser/$(DEPDIR) javax/swing/plaf/$(DEPDIR) javax/swing/plaf/basic/$(DEPDIR) javax/swing/plaf/metal/$(DEPDIR) javax/swing/table/$(DEPDIR) javax/swing/text/$(DEPDIR) javax/swing/text/html/$(DEPDIR) javax/swing/text/html/parser/$(DEPDIR) javax/swing/tree/$(DEPDIR) javax/swing/undo/$(DEPDIR) javax/transaction/$(DEPDIR) javax/transaction/xa/$(DEPDIR) jni/classpath/$(DEPDIR) jni/gtk-peer/$(DEPDIR) org/ietf/jgss/$(DEPDIR) org/w3c/dom/$(DEPDIR) org/w3c/dom/ranges/$(DEPDIR) org/w3c/dom/traversal/$(DEPDIR) org/xml/sax/$(DEPDIR) org/xml/sax/ext/$(DEPDIR) org/xml/sax/helpers/$(DEPDIR) sysdep/$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
$(lib_gnu_java_awt_peer_gtk_la_OBJECTS): $(lib_gnu_java_awt_peer_gtk_la_DEPENDENCIES)
+%.properties.lo: %.properties
+ $(LTGCJCOMPILE) -o $@ -c $< -Wc,--resource,`echo $@ | sed "s/\.lo$$//"`
+
%.properties.lo: %.properties
$(LTGCJCOMPILE) -o $@ -c $< -Wc,--resource,`echo $@ | sed "s/\.lo$$//"`
clean-nat:
rm -f $(nat_files) $(xlib_nat_files)
-$(filter-out gnu/gcj/runtime/StackTrace.lo, $(javao_files)) $(xlib_javao_files) $(lib_org_w3c_dom_la_OBJECTS) $(lib_org_xml_sax_la_OBJECTS): %.lo: %.java
+$(filter-out gnu/gcj/runtime/StackTrace.lo, $(javao_files)) $(xlib_javao_files) $(lib_org_w3c_dom_la_OBJECTS) $(lib_org_xml_sax_la_OBJECTS) $(lib_org_ietf_jgss_la_OBJECTS): %.lo: %.java
$(LTGCJCOMPILE) -o $@ -c $<
$(gtk_awt_peer_sources:.java=.lo): %.lo: %.java
--- /dev/null
+/* X509CRLSelector.java -- selects X.509 CRLs by criteria.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import java.math.BigInteger;
+
+import java.security.AccessController;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.security.auth.x500.X500Principal;
+
+import gnu.java.security.action.GetPropertyAction;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+/**
+ * A class for matching X.509 certificate revocation lists by criteria.
+ *
+ * <p>Use of this class requires extensive knowledge of the Internet
+ * Engineering Task Force's Public Key Infrastructure (X.509). The primary
+ * document describing this standard is <a
+ * href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509
+ * Public Key Infrastructure Certificate and Certificate Revocation List
+ * (CRL) Profile</a>.
+ *
+ * <p>Note that this class is not thread-safe. If multiple threads will
+ * use or modify this class then they need to synchronize on the object.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public class X509CRLSelector implements CRLSelector, Cloneable
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private static final String CRL_NUMBER_ID = "2.5.29.20";
+
+ private List issuerNames;
+ private BigInteger maxCrlNumber;
+ private BigInteger minCrlNumber;
+ private Date date;
+ private X509Certificate cert;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Creates a new CRL selector with no criteria enabled; i.e., every CRL
+ * will be matched.
+ */
+ public X509CRLSelector()
+ {
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Add an issuer name to the set of issuer names criteria, as the DER
+ * encoded form.
+ *
+ * @param name The name to add, as DER bytes.
+ * @throws IOException If the argument is not a valid DER-encoding.
+ */
+ public void addIssuerName(byte[] name) throws IOException
+ {
+ X500Principal p = null;
+ try
+ {
+ p = new X500Principal(name);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ IOException ioe = new IOException("malformed name");
+ ioe.initCause(iae);
+ throw ioe;
+ }
+ if (issuerNames == null)
+ issuerNames = new LinkedList();
+ issuerNames.add(p);
+ }
+
+ /**
+ * Add an issuer name to the set of issuer names criteria, as a
+ * String representation.
+ *
+ * @param name The name to add.
+ * @throws IOException If the argument is not a valid name.
+ */
+ public void addIssuerName(String name) throws IOException
+ {
+ X500Principal p = null;
+ try
+ {
+ p = new X500Principal(name);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ IOException ioe = new IOException("malformed name: " + name);
+ ioe.initCause(iae);
+ throw ioe;
+ }
+ if (issuerNames == null)
+ issuerNames = new LinkedList();
+ issuerNames.add(p);
+ }
+
+ /**
+ * Sets the issuer names criterion. Pass <code>null</code> to clear this
+ * value. CRLs matched by this selector must have an issuer name in this
+ * set.
+ *
+ * @param names The issuer names.
+ * @throws IOException If any of the elements in the collection is not
+ * a valid name.
+ */
+ public void setIssuerNames(Collection names) throws IOException
+ {
+ if (names == null)
+ {
+ issuerNames = null;
+ return;
+ }
+ List l = new ArrayList(names.size());
+ for (Iterator it = names.iterator(); it.hasNext(); )
+ {
+ Object o = it.next();
+ if (o instanceof X500Principal)
+ l.add(o);
+ else if (o instanceof String)
+ {
+ try
+ {
+ l.add(new X500Principal((String) o));
+ }
+ catch (IllegalArgumentException iae)
+ {
+ IOException ioe = new IOException("malformed name: " + o);
+ ioe.initCause(iae);
+ throw ioe;
+ }
+ }
+ else if (o instanceof byte[])
+ {
+ try
+ {
+ l.add(new X500Principal((byte[]) o));
+ }
+ catch (IllegalArgumentException iae)
+ {
+ IOException ioe = new IOException("malformed name");
+ ioe.initCause(iae);
+ throw ioe;
+ }
+ }
+ else if (o instanceof InputStream)
+ {
+ try
+ {
+ l.add(new X500Principal((InputStream) o));
+ }
+ catch (IllegalArgumentException iae)
+ {
+ IOException ioe = new IOException("malformed name");
+ ioe.initCause(iae);
+ throw ioe;
+ }
+ }
+ else
+ throw new IOException("not a valid name: " +
+ (o != null ? o.getClass().getName() : "null"));
+
+ }
+ issuerNames = l;
+ }
+
+ /**
+ * Returns the set of issuer names that are matched by this selector,
+ * or <code>null</code> if this criteria is not set. The returned
+ * collection is not modifiable.
+ *
+ * @return The set of issuer names.
+ */
+ public Collection getIssuerNames()
+ {
+ if (issuerNames != null)
+ return Collections.unmodifiableList(issuerNames);
+ else
+ return null;
+ }
+
+ /**
+ * Returns the maximum value of the CRLNumber extension present in
+ * CRLs matched by this selector, or <code>null</code> if this
+ * criteria is not set.
+ *
+ * @return The maximum CRL number.
+ */
+ public BigInteger getMaxCRL()
+ {
+ return maxCrlNumber;
+ }
+
+ /**
+ * Returns the minimum value of the CRLNumber extension present in
+ * CRLs matched by this selector, or <code>null</code> if this
+ * criteria is not set.
+ *
+ * @return The minimum CRL number.
+ */
+ public BigInteger getMinCRL()
+ {
+ return minCrlNumber;
+ }
+
+ /**
+ * Sets the maximum value of the CRLNumber extension present in CRLs
+ * matched by this selector. Specify <code>null</code> to clear this
+ * criterion.
+ *
+ * @param maxCrlNumber The maximum CRL number.
+ */
+ public void setMaxCRLNumber(BigInteger maxCrlNumber)
+ {
+ this.maxCrlNumber = maxCrlNumber;
+ }
+
+ /**
+ * Sets the minimum value of the CRLNumber extension present in CRLs
+ * matched by this selector. Specify <code>null</code> to clear this
+ * criterion.
+ *
+ * @param minCrlNumber The minimum CRL number.
+ */
+ public void setMinCRLNumber(BigInteger minCrlNumber)
+ {
+ this.minCrlNumber = minCrlNumber;
+ }
+
+ /**
+ * Returns the date when this CRL must be valid; that is, the date
+ * must be after the thisUpdate date, but before the nextUpdate date.
+ * Returns <code>null</code> if this criterion is not set.
+ *
+ * @return The date.
+ */
+ public Date getDateAndTime()
+ {
+ return date != null ? (Date) date.clone() : null;
+ }
+
+ /**
+ * Sets the date at which this CRL must be valid. Specify
+ * <code>null</code> to clear this criterion.
+ *
+ * @param date The date.
+ */
+ public void setDateAndTime(Date date)
+ {
+ this.date = date != null ? (Date) date.clone() : null;
+ }
+
+ /**
+ * Returns the certificate being checked, or <code>null</code> if this
+ * value is not set.
+ *
+ * @return The certificate.
+ */
+ public X509Certificate getCertificateChecking()
+ {
+ return cert;
+ }
+
+ /**
+ * Sets the certificate being checked. This is not a criterion, but
+ * info used by certificate store implementations to aid in searching.
+ *
+ * @param cert The certificate.
+ */
+ public void setCertificateChecking(X509Certificate cert)
+ {
+ this.cert = cert;
+ }
+
+ /**
+ * Returns a string representation of this selector. The string will
+ * only describe the enabled criteria, so if none are enabled this will
+ * return a string that contains little else besides the class name.
+ *
+ * @return The string.
+ */
+ public String toString()
+ {
+ StringBuffer str = new StringBuffer(X509CRLSelector.class.getName());
+ GetPropertyAction getProp = new GetPropertyAction("line.separator");
+ String nl = (String) AccessController.doPrivileged(getProp);
+ String eol = ";" + nl;
+
+ str.append(" {").append(nl);
+ if (issuerNames != null)
+ str.append(" issuer names = ").append(issuerNames).append(eol);
+ if (maxCrlNumber != null)
+ str.append(" max CRL = ").append(maxCrlNumber).append(eol);
+ if (minCrlNumber != null)
+ str.append(" min CRL = ").append(minCrlNumber).append(eol);
+ if (date != null)
+ str.append(" date = ").append(date).append(eol);
+ if (cert != null)
+ str.append(" certificate = ").append(cert).append(eol);
+ str.append("}").append(nl);
+ return str.toString();
+ }
+
+ /**
+ * Checks a CRL against the criteria of this selector, returning
+ * <code>true</code> if the given CRL matches all the criteria.
+ *
+ * @param _crl The CRL being checked.
+ * @return True if the CRL matches, false otherwise.
+ */
+ public boolean match(CRL _crl)
+ {
+ if (!(_crl instanceof X509CRL))
+ return false;
+ X509CRL crl = (X509CRL) _crl;
+ if (issuerNames != null)
+ {
+ if (!issuerNames.contains(crl.getIssuerX500Principal()))
+ return false;
+ }
+ BigInteger crlNumber = null;
+ if (maxCrlNumber != null)
+ {
+ try
+ {
+ byte[] b = crl.getExtensionValue(CRL_NUMBER_ID);
+ if (b == null)
+ return false;
+ try
+ {
+ DERValue val = DERReader.read(b);
+ if (!(val.getValue() instanceof BigInteger))
+ return false;
+ crlNumber = (BigInteger) val.getValue();
+ }
+ catch (IOException ioe)
+ {
+ return false;
+ }
+ if (maxCrlNumber.compareTo(crlNumber) < 0)
+ return false;
+ }
+ catch (CertificateParsingException cpe)
+ {
+ return false;
+ }
+ }
+ if (minCrlNumber != null)
+ {
+ try
+ {
+ if (crlNumber == null)
+ {
+ byte[] b = crl.getExtensionValue(CRL_NUMBER_ID);
+ if (b == null)
+ return false;
+ try
+ {
+ DERValue val = DERReader.read(b);
+ if (!(val.getValue() instanceof BigInteger))
+ return false;
+ crlNumber = (BigInteger) val.getValue();
+ }
+ catch (IOException ioe)
+ {
+ return false;
+ }
+ }
+ if (minCrlNumber.compareTo(crlNumber) > 0)
+ return false;
+ }
+ catch (CertificateParsingException cpe)
+ {
+ return false;
+ }
+ }
+ if (date != null)
+ {
+ if (date.compareTo(crl.getThisUpdate()) < 0 ||
+ date.compareTo(crl.getNextUpdate()) > 0)
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Returns a copy of this object.
+ *
+ * @return The copy.
+ */
+ public Object clone()
+ {
+ try
+ {
+ return super.clone();
+ }
+ catch (CloneNotSupportedException shouldNotHappen)
+ {
+ throw new Error(shouldNotHappen);
+ }
+ }
+}
--- /dev/null
+/* X509CertSelector.java -- selects X.509 certificates by criteria.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.io.IOException;
+
+import java.math.BigInteger;
+
+import java.security.AccessController;
+import java.security.KeyFactory;
+import java.security.PublicKey;
+import java.security.spec.X509EncodedKeySpec;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
+
+import javax.security.auth.x500.X500Principal;
+
+import gnu.java.security.OID;
+import gnu.java.security.action.GetPropertyAction;
+
+/**
+ * A concrete implementation of {@link CertSelector} for X.509 certificates,
+ * which allows a number of criteria to be set when accepting certificates,
+ * from validity dates, to issuer and subject distinguished names, to some
+ * of the various X.509 extensions.
+ *
+ * <p>Use of this class requires extensive knowledge of the Internet
+ * Engineering Task Force's Public Key Infrastructure (X.509). The primary
+ * document describing this standard is <a
+ * href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509
+ * Public Key Infrastructure Certificate and Certificate Revocation List
+ * (CRL) Profile</a>.
+ *
+ * <p>Note that this class is not thread-safe. If multiple threads will
+ * use or modify this class then they need to synchronize on the object.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public class X509CertSelector implements CertSelector, Cloneable
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ private static final String AUTH_KEY_ID = "2.5.29.35";
+ private static final String SUBJECT_KEY_ID = "2.5.29.14";
+ private static final String NAME_CONSTRAINTS_ID = "2.5.29.30";
+
+ private int basicConstraints;
+ private X509Certificate cert;
+ private BigInteger serialNo;
+ private X500Principal issuer;
+ private X500Principal subject;
+ private byte[] subjectKeyId;
+ private byte[] authKeyId;
+ private boolean[] keyUsage;
+ private Date certValid;
+ private OID sigId;
+ private PublicKey subjectKey;
+ private X509EncodedKeySpec subjectKeySpec;
+ private Set keyPurposeSet;
+ private List altNames;
+ private boolean matchAllNames;
+ private byte[] nameConstraints;
+ private Set policy;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new X.509 certificate selector. The new selector will be
+ * empty, and will accept any certificate (provided that it is an
+ * {@link X509Certificate}).
+ */
+ public X509CertSelector()
+ {
+ basicConstraints = -1;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the certificate criterion, or <code>null</code> if this value
+ * was not set.
+ *
+ * @return The certificate.
+ */
+ public X509Certificate getCertificate()
+ {
+ return cert;
+ }
+
+ /**
+ * Sets the certificate criterion. If set, only certificates that are
+ * equal to the certificate passed here will be accepted.
+ *
+ * @param cert The certificate.
+ */
+ public void setCertificate(X509Certificate cert)
+ {
+ this.cert = cert;
+ }
+
+ /**
+ * Returns the serial number criterion, or <code>null</code> if this
+ * value was not set.
+ *
+ * @return The serial number.
+ */
+ public BigInteger getSerialNumber()
+ {
+ return serialNo;
+ }
+
+ /**
+ * Sets the serial number of the desired certificate. Only certificates that
+ * contain this serial number are accepted.
+ *
+ * @param serialNo The serial number.
+ */
+ public void setSerialNumber(BigInteger serialNo)
+ {
+ this.serialNo = serialNo;
+ }
+
+ /**
+ * Returns the issuer criterion as a string, or <code>null</code> if this
+ * value was not set.
+ *
+ * @return The issuer.
+ */
+ public String getIssuerAsString()
+ {
+ if (issuer != null)
+ return issuer.getName();
+ else
+ return null;
+ }
+
+ /**
+ * Returns the issuer criterion as a sequence of DER bytes, or
+ * <code>null</code> if this value was not set.
+ *
+ * @return The issuer.
+ */
+ public byte[] getIssuerAsBytes() throws IOException
+ {
+ if (issuer != null)
+ return issuer.getEncoded();
+ else
+ return null;
+ }
+
+ /**
+ * Sets the issuer, specified as a string representation of the issuer's
+ * distinguished name. Only certificates issued by this issuer will
+ * be accepted.
+ *
+ * @param name The string representation of the issuer's distinguished name.
+ * @throws IOException If the given name is incorrectly formatted.
+ */
+ public void setIssuer(String name) throws IOException
+ {
+ if (name != null)
+ {
+ try
+ {
+ issuer = new X500Principal(name);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ throw new IOException(iae.getMessage());
+ }
+ }
+ else
+ issuer = null;
+ }
+
+ /**
+ * Sets the issuer, specified as the DER encoding of the issuer's
+ * distinguished name. Only certificates issued by this issuer will
+ * be accepted.
+ *
+ * @param name The DER encoding of the issuer's distinguished name.
+ * @throws IOException If the given name is incorrectly formatted.
+ */
+ public void setIssuer(byte[] name) throws IOException
+ {
+ if (name != null)
+ {
+ try
+ {
+ issuer = new X500Principal(name);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ throw new IOException(iae.getMessage());
+ }
+ }
+ else
+ issuer = null;
+ }
+
+ /**
+ * Returns the subject criterion as a string, of <code>null</code> if
+ * this value was not set.
+ *
+ * @return The subject.
+ */
+ public String getSubjectAsString()
+ {
+ if (subject != null)
+ return subject.getName();
+ else
+ return null;
+ }
+
+ /**
+ * Returns the subject criterion as a sequence of DER bytes, or
+ * <code>null</code> if this value is not set.
+ *
+ * @return The subject.
+ */
+ public byte[] getSubjectAsBytes() throws IOException
+ {
+ if (subject != null)
+ return subject.getEncoded();
+ else
+ return null;
+ }
+
+ /**
+ * Sets the subject, specified as a string representation of the
+ * subject's distinguished name. Only certificates with the given
+ * subject will be accepted.
+ *
+ * @param name The string representation of the subject's distinguished name.
+ * @throws IOException If the given name is incorrectly formatted.
+ */
+ public void setSubject(String name) throws IOException
+ {
+ if (name != null)
+ {
+ try
+ {
+ subject = new X500Principal(name);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ throw new IOException(iae.getMessage());
+ }
+ }
+ else
+ subject = null;
+ }
+
+ /**
+ * Sets the subject, specified as the DER encoding of the subject's
+ * distinguished name. Only certificates with the given subject will
+ * be accepted.
+ *
+ * @param name The DER encoding of the subject's distinguished name.
+ * @throws IOException If the given name is incorrectly formatted.
+ */
+ public void setSubject(byte[] name) throws IOException
+ {
+ if (name != null)
+ {
+ try
+ {
+ subject = new X500Principal(name);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ throw new IOException(iae.getMessage());
+ }
+ }
+ else
+ subject = null;
+ }
+
+ /**
+ * Returns the subject key identifier criterion, or <code>null</code> if
+ * this value was not set. Note that the byte array is cloned to prevent
+ * modification.
+ *
+ * @return The subject key identifier.
+ */
+ public byte[] getSubjectKeyIdentifier()
+ {
+ if (subjectKeyId != null)
+ return (byte[]) subjectKeyId.clone();
+ else
+ return null;
+ }
+
+ /**
+ * Sets the subject key identifier criterion, or <code>null</code> to clear
+ * this criterion. Note that the byte array is cloned to prevent modification.
+ *
+ * @param subjectKeyId The subject key identifier.
+ */
+ public void setSubjectKeyIdentifier(byte[] subjectKeyId)
+ {
+ this.subjectKeyId = subjectKeyId != null ? (byte[]) subjectKeyId.clone() :
+ null;
+ }
+
+ /**
+ * Returns the authority key identifier criterion, or <code>null</code> if
+ * this value was not set. Note that the byte array is cloned to prevent
+ * modification.
+ *
+ * @return The authority key identifier.
+ */
+ public byte[] getAuthorityKeyIdentifier()
+ {
+ if (authKeyId != null)
+ return (byte[]) authKeyId.clone();
+ else
+ return null;
+ }
+
+ /**
+ * Sets the authority key identifier criterion, or <code>null</code> to clear
+ * this criterion. Note that the byte array is cloned to prevent modification.
+ *
+ * @param subjectKeyId The subject key identifier.
+ */
+ public void setAuthorityKeyIdentifier(byte[] authKeyId)
+ {
+ this.authKeyId = authKeyId != null ? (byte[]) authKeyId.clone() : null;
+ }
+
+ /**
+ * Returns the date at which certificates must be valid, or <code>null</code>
+ * if this criterion was not set.
+ *
+ * @return The target certificate valitity date.
+ */
+ public Date getCertificateValid()
+ {
+ if (certValid != null)
+ return (Date) certValid.clone();
+ else
+ return null;
+ }
+
+ /**
+ * Sets the date at which certificates must be valid. Specify
+ * <code>null</code> to clear this criterion.
+ *
+ * @param certValid The certificate validity date.
+ */
+ public void setCertificateValid(Date certValid)
+ {
+ this.certValid = certValid != null ? (Date) certValid.clone() : null;
+ }
+
+ /**
+ * This method, and its related X.509 certificate extension — the
+ * private key usage period — is not supported under the Internet
+ * PKI for X.509 certificates (PKIX), described in RFC 3280. As such, this
+ * method is not supported either.
+ *
+ * <p>Do not use this method. It is not deprecated, as it is not deprecated
+ * in the Java standard, but it is basically a no-operation and simply
+ * returns <code>null</code>.
+ *
+ * @return Null.
+ */
+ public Date getPrivateKeyValid()
+ {
+ return null;
+ }
+
+ /**
+ * This method, and its related X.509 certificate extension — the
+ * private key usage period — is not supported under the Internet
+ * PKI for X.509 certificates (PKIX), described in RFC 3280. As such, this
+ * method is not supported either.
+ *
+ * <p>Do not use this method. It is not deprecated, as it is not deprecated
+ * in the Java standard, but it is basically a no-operation.
+ *
+ * @param UNUSED Is silently ignored.
+ */
+ public void setPrivateKeyValid(Date UNUSED)
+ {
+ }
+
+ /**
+ * Returns the public key algorithm ID that matching certificates must have,
+ * or <code>null</code> if this criterion was not set.
+ *
+ * @return The public key algorithm ID.
+ */
+ public String getSubjectPublicKeyAlgID()
+ {
+ return String.valueOf(sigId);
+ }
+
+ /**
+ * Sets the public key algorithm ID that matching certificates must have.
+ * Specify <code>null</code> to clear this criterion.
+ *
+ * @param sigId The public key ID.
+ * @throws IOException If the specified ID is not a valid object identifier.
+ */
+ public void setSubjectPublicKeyAlgID(String sigId) throws IOException
+ {
+ if (sigId != null)
+ {
+ try
+ {
+ OID oid = new OID(sigId);
+ int[] comp = oid.getIDs();
+ if (!checkOid(comp))
+ throw new IOException("malformed OID: " + sigId);
+ this.sigId = oid;
+ }
+ catch (IllegalArgumentException iae)
+ {
+ IOException ioe = new IOException("malformed OID: " + sigId);
+ ioe.initCause(iae);
+ throw ioe;
+ }
+ }
+ else
+ this.sigId = null;
+ }
+
+ /**
+ * Returns the subject public key criterion, or <code>null</code> if this
+ * value is not set.
+ *
+ * @return The subject public key.
+ */
+ public PublicKey getSubjectPublicKey()
+ {
+ return subjectKey;
+ }
+
+ /**
+ * Sets the subject public key criterion as an opaque representation.
+ * Specify <code>null</code> to clear this criterion.
+ *
+ * @param key The public key.
+ */
+ public void setSubjectPublicKey(PublicKey key)
+ {
+ this.subjectKey = key;
+ if (key == null)
+ {
+ subjectKeySpec = null;
+ return;
+ }
+ try
+ {
+ KeyFactory enc = KeyFactory.getInstance("X.509");
+ subjectKeySpec = (X509EncodedKeySpec)
+ enc.getKeySpec(key, X509EncodedKeySpec.class);
+ }
+ catch (Exception x)
+ {
+ subjectKey = null;
+ subjectKeySpec = null;
+ }
+ }
+
+ /**
+ * Sets the subject public key criterion as a DER-encoded key. Specify
+ * <code>null</code> to clear this value.
+ *
+ * @param key The DER-encoded key bytes.
+ * @throws IOException If the argument is not a valid DER-encoded key.
+ */
+ public void setSubjectPublicKey(byte[] key) throws IOException
+ {
+ if (key == null)
+ {
+ subjectKey = null;
+ subjectKeySpec = null;
+ return;
+ }
+ try
+ {
+ subjectKeySpec = new X509EncodedKeySpec(key);
+ KeyFactory enc = KeyFactory.getInstance("X.509");
+ subjectKey = enc.generatePublic(subjectKeySpec);
+ }
+ catch (Exception x)
+ {
+ subjectKey = null;
+ subjectKeySpec = null;
+ IOException ioe = new IOException(x.getMessage());
+ ioe.initCause(x);
+ throw ioe;
+ }
+ }
+
+ /**
+ * Returns the public key usage criterion, or <code>null</code> if this
+ * value is not set. Note that the array is cloned to prevent modification.
+ *
+ * @return The public key usage.
+ */
+ public boolean[] getKeyUsage()
+ {
+ if (keyUsage != null)
+ return (boolean[]) keyUsage.clone();
+ else
+ return null;
+ }
+
+ /**
+ * Sets the public key usage criterion. Specify <code>null</code> to clear
+ * this value.
+ *
+ * @param keyUsage The public key usage.
+ */
+ public void setKeyUsage(boolean[] keyUsage)
+ {
+ this.keyUsage = keyUsage != null ? (boolean[]) keyUsage.clone() : null;
+ }
+
+ /**
+ * Returns the set of extended key purpose IDs, as an unmodifiable set
+ * of OID strings. Returns <code>null</code> if this criterion is not
+ * set.
+ *
+ * @return The set of key purpose OIDs (strings).
+ */
+ public Set getExtendedKeyUsage()
+ {
+ if (keyPurposeSet != null)
+ return Collections.unmodifiableSet(keyPurposeSet);
+ else
+ return null;
+ }
+
+ /**
+ * Sets the extended key usage criterion, as a set of OID strings. Specify
+ * <code>null</code> to clear this value.
+ *
+ * @param keyPurposeSet The set of key purpose OIDs.
+ * @throws IOException If any element of the set is not a valid OID string.
+ */
+ public void setExtendedKeyUsage(Set keyPurposeSet) throws IOException
+ {
+ if (keyPurposeSet == null)
+ {
+ this.keyPurposeSet = null;
+ return;
+ }
+ Set s = new HashSet();
+ for (Iterator it = keyPurposeSet.iterator(); it.hasNext(); )
+ {
+ Object o = it.next();
+ if (!(o instanceof String))
+ throw new IOException("not a string: " + o);
+ try
+ {
+ OID oid = new OID((String) o);
+ int[] comp = oid.getIDs();
+ if (!checkOid(comp))
+ throw new IOException("malformed OID: " + o);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ IOException ioe = new IOException("malformed OID: " + o);
+ ioe.initCause(iae);
+ throw ioe;
+ }
+ }
+ this.keyPurposeSet = s;
+ }
+
+ /**
+ * Returns whether or not all specified alternative names must match.
+ * If false, a certificate is considered a match if <em>one</em> of the
+ * specified alternative names matches.
+ *
+ * @return true if all names must match.
+ */
+ public boolean getMatchAllSubjectAltNames()
+ {
+ return matchAllNames;
+ }
+
+ /**
+ * Sets whether or not all subject alternative names must be matched.
+ * If false, then a certificate will be considered a match if one
+ * alternative name matches.
+ *
+ * @param matchAllNames Whether or not all alternative names must be
+ * matched.
+ */
+ public void setMatchAllSubjectAltNames(boolean matchAllNames)
+ {
+ this.matchAllNames = matchAllNames;
+ }
+
+ /**
+ * Sets the subject alternative names critertion. Each element of the
+ * argument must be a {@link java.util.List} that contains exactly two
+ * elements: the first an {@link Integer}, representing the type of
+ * name, and the second either a {@link String} or a byte array,
+ * representing the name itself.
+ *
+ * @param altNames The alternative names.
+ * @throws IOException If any element of the argument is invalid.
+ */
+ public void setSubjectAlternativeNames(Collection altNames)
+ throws IOException
+ {
+ if (altNames == null)
+ {
+ this.altNames = null;
+ return;
+ }
+ List l = new ArrayList(altNames.size());
+ for (Iterator it = altNames.iterator(); it.hasNext(); )
+ {
+ Object o = it.next();
+ if (!(o instanceof List) || ((List) o).size() != 2 ||
+ !(((List) o).get(0) instanceof Integer) ||
+ !(((List) o).get(1) instanceof String) ||
+ !(((List) o).get(1) instanceof byte[]))
+ throw new IOException("illegal alternative name: " + o);
+ Integer i = (Integer) ((List) o).get(0);
+ if (i.intValue() < 0 || i.intValue() > 8)
+ throw new IOException("illegal alternative name: " + o +
+ ", bad id: " + i);
+ l.add(new ArrayList((List) o));
+ }
+ this.altNames = l;
+ }
+
+ /**
+ * Add a name to the subject alternative names criterion.
+ *
+ * @param id The type of name this is. Must be in the range [0,8].
+ * @param name The name.
+ * @throws IOException If the id is out of range, or if the name
+ * is null.
+ */
+ public void addSubjectAlternativeName(int id, String name)
+ throws IOException
+ {
+ if (id < 0 || id > 8 || name == null)
+ throw new IOException("illegal alternative name");
+ if (altNames == null)
+ altNames = new LinkedList();
+ ArrayList l = new ArrayList(2);
+ l.add(new Integer(id));
+ l.add(name);
+ altNames.add(l);
+ }
+
+ /**
+ * Add a name, as DER-encoded bytes, to the subject alternative names
+ * criterion.
+ *
+ * @param id The type of name this is.
+ */
+ public void addSubjectAlternativeName(int id, byte[] name)
+ throws IOException
+ {
+ if (id < 0 || id > 8 || name == null)
+ throw new IOException("illegal alternative name");
+ if (altNames == null)
+ altNames = new LinkedList();
+ ArrayList l = new ArrayList(2);
+ l.add(new Integer(id));
+ l.add(name);
+ altNames.add(l);
+ }
+
+ /**
+ * Returns the name constraints criterion, or <code>null</code> if this
+ * value is not set. Note that the byte array is cloned to prevent
+ * modification.
+ *
+ * @return The name constraints.
+ */
+ public byte[] getNameConstraints()
+ {
+ if (nameConstraints != null)
+ return (byte[]) nameConstraints.clone();
+ else
+ return null;
+ }
+
+ /**
+ * Sets the name constraints criterion; specify <code>null</code> to
+ * clear this criterion. Note that if non-null, the argument will be
+ * cloned to prevent modification.
+ *
+ * @param nameConstraints The new name constraints.
+ * @throws IOException If the argument is not a valid DER-encoded
+ * name constraints.
+ */
+ public void setNameConstraints(byte[] nameConstraints)
+ throws IOException
+ {
+ // FIXME check if the argument is valid.
+ this.nameConstraints = nameConstraints != null
+ ? (byte[]) nameConstraints.clone() : null;
+ }
+
+ /**
+ * Returns the basic constraints criterion, or -1 if this value is not set.
+ *
+ * @return The basic constraints.
+ */
+ public int getBasicConstraints()
+ {
+ return basicConstraints;
+ }
+
+ /**
+ * Sets the basic constraints criterion. Specify -1 to clear this parameter.
+ *
+ * @param basicConstraints The new basic constraints value.
+ */
+ public void setBasicConstraints(int basicConstraints)
+ {
+ if (basicConstraints < -1)
+ basicConstraints = -1;
+ this.basicConstraints = basicConstraints;
+ }
+
+ // The last two criteria not yet implemented are certificate policies
+ // and path-to-names. Both of these are somewhat advanced extensions
+ // (you could probably count the applications that actually use them
+ // on one hand), and they both have no support in the X509Certificate
+ // class.
+ //
+ // Not having support in X509Certificate is not always a problem; for
+ // example, we can compare DER-encoded values as byte arrays for some
+ // extensions. We can't, however, compare them if they are specified
+ // in a set (as policies are). We need to parse the actual value in the
+ // certificate, and check it against the specified set.
+
+ // FIXME
+// public void setPolicy(Set policy) throws IOException
+// {
+// if (policy != null)
+// {
+// for (Iterator it = policy.iterator(); it.hasNext(); )
+// try
+// {
+// OID oid = new OID((String) it.next());
+// int[] i = oid.getIDs();
+// if (!checkOid(i))
+// throw new IOException("invalid OID");
+// }
+// catch (Exception x)
+// {
+// throw new IOException("invalid OID");
+// }
+// }
+// this.policy = policy != null ? new HashSet(policy) : null;
+// }
+
+ // FIXME
+// public void setPathToNames(Collection names) throws IOException
+// {
+// if (names == null)
+// {
+// this.names = null;
+// return;
+// }
+// for (Iterator it = names.iterator(); it.hasNext(); )
+// {
+// try
+// {
+// List l = (List) it.next();
+// if (l.get(1) instanceof String)
+// addPathToName(((Integer)l.get(0)).intValue(), (String)l.get(1));
+// else
+// addPathToName(((Integer)l.get(0)).intValue(), (byte[])l.get(1));
+// }
+// catch (Exception x)
+// {
+// this.names = null;
+// throw new IOException("invalid names");
+// }
+// }
+// }
+
+ // FIXME
+// public void addPathToName(int id, String name) throws IOException
+// {
+// }
+
+ // FIXME
+// public void addPathToName(int id, byte[] name) throws IOException
+// {
+// }
+
+ // FIXME
+// public Collection getSubjectAlternativeNames()
+// {
+// return null;
+// }
+
+ // FIXME
+// public Set getPolicy()
+// {
+// return null;
+// }
+
+ // FIXME
+// public Collection getPathToNames()
+// {
+// return null;
+// }
+
+ /**
+ * Match a certificate. This method will check the given certificate
+ * against all the enabled criteria of this selector, and will return
+ * <code>true</code> if the given certificate matches.
+ *
+ * @param certificate The certificate to check.
+ * @return true if the certificate matches all criteria.
+ */
+ public boolean match(Certificate certificate)
+ {
+ if (!(certificate instanceof X509Certificate))
+ return false;
+ X509Certificate cert = (X509Certificate) certificate;
+ if (this.cert != null)
+ {
+ try
+ {
+ byte[] e1 = this.cert.getEncoded();
+ byte[] e2 = cert.getEncoded();
+ if (!Arrays.equals(e1, e2))
+ return false;
+ }
+ catch (CertificateEncodingException cee)
+ {
+ return false;
+ }
+ }
+ if (serialNo != null)
+ {
+ if (!serialNo.equals(cert.getSerialNumber()))
+ return false;
+ }
+ if (certValid != null)
+ {
+ try
+ {
+ cert.checkValidity(certValid);
+ }
+ catch (CertificateException ce)
+ {
+ return false;
+ }
+ }
+ if (issuer != null)
+ {
+ if (!issuer.equals(cert.getIssuerX500Principal()))
+ return false;
+ }
+ if (subject != null)
+ {
+ if (!subject.equals(cert.getSubjectX500Principal()))
+ return false;
+ }
+ if (sigId != null)
+ {
+ if (!sigId.equals(cert.getSigAlgOID()))
+ return false;
+ }
+ if (subjectKeyId != null)
+ {
+ byte[] b = cert.getExtensionValue(SUBJECT_KEY_ID);
+ if (!Arrays.equals(b, subjectKeyId))
+ return false;
+ }
+ if (authKeyId != null)
+ {
+ byte[] b = cert.getExtensionValue(AUTH_KEY_ID);
+ if (!Arrays.equals(b, authKeyId))
+ return false;
+ }
+ if (keyUsage != null)
+ {
+ boolean[] b = cert.getKeyUsage();
+ if (!Arrays.equals(b, keyUsage))
+ return false;
+ }
+ if (basicConstraints >= 0)
+ {
+ if (cert.getBasicConstraints() != basicConstraints)
+ return false;
+ }
+ if (keyPurposeSet != null)
+ {
+ List kp = null;
+ try
+ {
+ kp = cert.getExtendedKeyUsage();
+ }
+ catch (CertificateParsingException cpe)
+ {
+ return false;
+ }
+ if (kp == null)
+ return false;
+ for (Iterator it = keyPurposeSet.iterator(); it.hasNext(); )
+ {
+ if (!kp.contains(it.next()))
+ return false;
+ }
+ }
+ if (altNames != null)
+ {
+ Collection an = null;
+ try
+ {
+ an = cert.getSubjectAlternativeNames();
+ }
+ catch (CertificateParsingException cpe)
+ {
+ return false;
+ }
+ if (an == null)
+ return false;
+ int match = 0;
+ for (Iterator it = altNames.iterator(); it.hasNext(); )
+ {
+ List l = (List) it.next();
+ Integer id = (Integer) l.get(0);
+ String s = null;
+ byte[] b = null;
+ if (l.get(1) instanceof String)
+ s = (String) l.get(1);
+ else if (l.get(1) instanceof byte[])
+ b = (byte[]) l.get(1);
+ else
+ return false;
+ for (Iterator it2 = an.iterator(); it2.hasNext(); )
+ {
+ Object o = it2.next();
+ if (!(o instanceof List))
+ continue;
+ List l2 = (List) o;
+ if (l2.size() != 2)
+ continue;
+ if (!id.equals(l2.get(0)))
+ continue;
+ if (s != null && (l2.get(1) instanceof String) &&
+ s.equals(l2.get(1)))
+ match++;
+ else if (b != null && (l2.get(1) instanceof byte[]) &&
+ Arrays.equals(b, (byte[]) l2.get(1)))
+ match++;
+ }
+ if (match == 0 || (matchAllNames && match != altNames.size()))
+ return false;
+ }
+ }
+ if (nameConstraints != null)
+ {
+ byte[] nc = cert.getExtensionValue(NAME_CONSTRAINTS_ID);
+ if (!Arrays.equals(nameConstraints, nc))
+ return false;
+ }
+
+ // FIXME check policies.
+ // FIXME check path-to-names.
+
+ return true;
+ }
+
+ public String toString()
+ {
+ StringBuffer str = new StringBuffer(X509CertSelector.class.getName());
+ GetPropertyAction getProp = new GetPropertyAction("line.separator");
+ String nl = (String) AccessController.doPrivileged(getProp);
+ String eol = ";" + nl;
+ str.append(" {").append(nl);
+ if (cert != null)
+ str.append(" certificate = ").append(cert).append(eol);
+ if (basicConstraints >= 0)
+ str.append(" basic constraints = ").append(basicConstraints).append(eol);
+ if (serialNo != null)
+ str.append(" serial number = ").append(serialNo).append(eol);
+ if (certValid != null)
+ str.append(" valid date = ").append(certValid).append(eol);
+ if (issuer != null)
+ str.append(" issuer = ").append(issuer).append(eol);
+ if (subject != null)
+ str.append(" subject = ").append(subject).append(eol);
+ if (sigId != null)
+ str.append(" signature OID = ").append(sigId).append(eol);
+ if (subjectKey != null)
+ str.append(" subject public key = ").append(subjectKey).append(eol);
+ if (subjectKeyId != null)
+ {
+ str.append(" subject key ID = ");
+ for (int i = 0; i < subjectKeyId.length; i++)
+ {
+ str.append(Character.forDigit((subjectKeyId[i] & 0xF0) >>> 8, 16));
+ str.append(Character.forDigit((subjectKeyId[i] & 0x0F), 16));
+ if (i < subjectKeyId.length - 1)
+ str.append(':');
+ }
+ str.append(eol);
+ }
+ if (authKeyId != null)
+ {
+ str.append(" authority key ID = ");
+ for (int i = 0; i < authKeyId.length; i++)
+ {
+ str.append(Character.forDigit((authKeyId[i] & 0xF0) >>> 8, 16));
+ str.append(Character.forDigit((authKeyId[i] & 0x0F), 16));
+ if (i < authKeyId.length - 1)
+ str.append(':');
+ }
+ str.append(eol);
+ }
+ if (keyUsage != null)
+ {
+ str.append(" key usage = ");
+ for (int i = 0; i < keyUsage.length; i++)
+ str.append(keyUsage[i] ? '1' : '0');
+ str.append(eol);
+ }
+ if (keyPurposeSet != null)
+ str.append(" key purpose = ").append(keyPurposeSet).append(eol);
+ if (altNames != null)
+ str.append(" alternative names = ").append(altNames).append(eol);
+ if (nameConstraints != null)
+ str.append(" name constraints = <blob of data>").append(eol);
+ str.append("}").append(nl);
+ return str.toString();
+ }
+
+ public Object clone()
+ {
+ try
+ {
+ return super.clone();
+ }
+ catch (CloneNotSupportedException shouldNotHappen)
+ {
+ throw new Error(shouldNotHappen);
+ }
+ }
+
+ // Own methods.
+ // -------------------------------------------------------------------------
+
+ private static boolean checkOid(int[] oid)
+ {
+ return (oid != null && oid.length > 2 &&
+ (oid[0] >= 0 && oid[0] <= 2) && (oid[1] >= 0 && oid[1] <= 39));
+ }
+}
--- /dev/null
+/* BadPaddingException -- Signals bad padding bytes on decryption.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * This exception is thrown during decryption when the decrypted input
+ * does not have the proper padding bytes that are expected by the padding
+ * mechanism.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public class BadPaddingException extends GeneralSecurityException
+{
+
+ // Constant.
+ // ------------------------------------------------------------------------
+
+ /** Serialization constant. */
+ private static final long serialVersionUID = -5315033893984728443L;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new bad padding exception with no detail message.
+ */
+ public BadPaddingException()
+ {
+ super();
+ }
+
+ /**
+ * Creates a new bad padding exception with a detail message.
+ *
+ * @param message The detail message.
+ */
+ public BadPaddingException(String message)
+ {
+ super(message);
+ }
+}
--- /dev/null
+/* Cipher.java -- Interface to a cryptographic cipher.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.security.spec.AlgorithmParameterSpec;
+
+import java.util.Enumeration;
+import java.util.StringTokenizer;
+
+import gnu.java.security.Engine;
+
+/**
+ * <p>This class implements a cryptographic cipher for transforming
+ * data.</p>
+ *
+ * <p>Ciphers cannot be instantiated directly; rather one of the
+ * <code>getInstance</code> must be used to instantiate a given
+ * <i>transformation</i>, optionally with a specific provider.</p>
+ *
+ * <p>A transformation is of the form:</p>
+ *
+ * <ul>
+ * <li><i>algorithm</i>/<i>mode</i>/<i>padding</i>, or</li>
+ * <li><i>algorithm</i>
+ * </ul>
+ *
+ * <p>where <i>algorithm</i> is the base name of a cryptographic cipher
+ * (such as "AES"), <i>mode</i> is the abbreviated name of a block
+ * cipher mode (such as "CBC" for cipher block chaining mode), and
+ * <i>padding</i> is the name of a padding scheme (such as
+ * "PKCS5Padding"). If only the algorithm name is supplied, then the
+ * provider-specific default mode and padding will be used.</p>
+ *
+ * <p>An example transformation is:</p>
+ *
+ * <blockquote><code>Cipher c =
+ * Cipher.getInstance("AES/CBC/PKCS5Padding");</code></blockquote>
+ *
+ * <p>Finally, when requesting a block cipher in stream cipher mode
+ * (such as <acronym title="Advanced Encryption Standard">AES</acronym>
+ * in OFB or CFB mode) the number of bits to be processed
+ * at a time may be specified by appending it to the name of the mode;
+ * e.g. <code>"AES/OFB8/NoPadding"</code>. If no such number is
+ * specified a provider-specific default value is used.</p>
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @see java.security.KeyGenerator
+ * @see javax.crypto.SecretKey
+ */
+public class Cipher
+{
+
+ // Constants and variables.
+ // ------------------------------------------------------------------------
+
+ private static final String SERVICE = "Cipher";
+
+ /**
+ * The decryption operation mode.
+ */
+ public static final int DECRYPT_MODE = 2;
+
+ /**
+ * The encryption operation mode.
+ */
+ public static final int ENCRYPT_MODE = 1;
+
+ /**
+ * Constant for when the key to be unwrapped is a private key.
+ */
+ public static final int PRIVATE_KEY = 2;
+
+ /**
+ * Constant for when the key to be unwrapped is a public key.
+ */
+ public static final int PUBLIC_KEY = 1;
+
+ /**
+ * Constant for when the key to be unwrapped is a secret key.
+ */
+ public static final int SECRET_KEY = 3;
+
+ /**
+ * The key unwrapping operation mode.
+ */
+ public static final int UNWRAP_MODE = 4;
+
+ /**
+ * The key wrapping operation mode.
+ */
+ public static final int WRAP_MODE = 3;
+
+ /**
+ * The uninitialized state. This state signals that any of the
+ * <code>init</code> methods have not been called, and therefore no
+ * transformations can be done.
+ */
+ private static final int INITIAL_STATE = 0;
+
+ /** The underlying cipher service provider interface. */
+ private CipherSpi cipherSpi;
+
+ /** The provider from which this instance came. */
+ private Provider provider;
+
+ /** The transformation requested. */
+ private String transformation;
+
+ /** Our current state (encrypting, wrapping, etc.) */
+ private int state;
+
+\f
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * <p>Creates a new cipher instance for the given transformation.</p>
+ *
+ * <p>The installed providers are tried in order for an
+ * implementation, and the first appropriate instance is returned. If
+ * no installed provider can provide the implementation, an
+ * appropriate exception is thrown.</p>
+ *
+ * @param transformation The transformation to create.
+ * @return An appropriate cipher for this transformation.
+ * @throws java.security.NoSuchAlgorithmException If no installed
+ * provider can supply the appropriate cipher or mode.
+ * @throws javax.crypto.NoSuchPaddingException If no installed
+ * provider can supply the appropriate padding.
+ */
+ public static final Cipher getInstance(String transformation)
+ throws NoSuchAlgorithmException, NoSuchPaddingException
+ {
+ Provider[] providers = Security.getProviders();
+ NoSuchPaddingException ex = null;
+ String msg = "";
+ for (int i = 0; i < providers.length; i++)
+ {
+ try
+ {
+ return getInstance(transformation, providers[i]);
+ }
+ catch (NoSuchAlgorithmException nsae)
+ {
+ msg = nsae.getMessage();
+ ex = null;
+ }
+ catch (NoSuchPaddingException nspe)
+ {
+ ex = nspe;
+ }
+ }
+ if (ex != null)
+ {
+ throw ex;
+ }
+ throw new NoSuchAlgorithmException(msg);
+ }
+
+ /**
+ * <p>Creates a new cipher instance for the given transformation and
+ * the named provider.</p>
+ *
+ * @param transformation The transformation to create.
+ * @param provider The name of the provider to use.
+ * @return An appropriate cipher for this transformation.
+ * @throws java.security.NoSuchAlgorithmException If the provider cannot
+ * supply the appropriate cipher or mode.
+ * @throws java.security.NoSuchProviderException If the named provider
+ * is not installed.
+ * @throws javax.crypto.NoSuchPaddingException If the provider cannot
+ * supply the appropriate padding.
+ */
+ public static final Cipher getInstance(String transformation, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException,
+ NoSuchPaddingException
+ {
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ {
+ throw new NoSuchProviderException(provider);
+ }
+ return getInstance(transformation, p);
+ }
+
+ /**
+ * Creates a new cipher instance for the given transform and the given
+ * provider.
+ *
+ * @param transformation The transformation to create.
+ * @param provider The provider to use.
+ * @return An appropriate cipher for this transformation.
+ * @throws java.security.NoSuchAlgorithmException If the given
+ * provider cannot supply the appropriate cipher or mode.
+ * @throws javax.crypto.NoSuchPaddingException If the given
+ * provider cannot supply the appropriate padding scheme.
+ */
+ public static final Cipher getInstance(String transformation, Provider provider)
+ throws NoSuchAlgorithmException, NoSuchPaddingException
+ {
+ CipherSpi result = null;
+ String key = null;
+ String alg = null, mode = null, pad = null;
+ String msg = "";
+ if (transformation.indexOf('/') < 0)
+ {
+ try
+ {
+ result = (CipherSpi) Engine.getInstance(SERVICE, transformation,
+ provider);
+ return new Cipher(result, provider, transformation);
+ }
+ catch (Exception e)
+ {
+ msg = e.getMessage();
+ }
+ }
+ else
+ {
+ StringTokenizer tok = new StringTokenizer(transformation, "/");
+ if (tok.countTokens() != 3)
+ {
+ throw new NoSuchAlgorithmException("badly formed transformation");
+ }
+ alg = tok.nextToken();
+ mode = tok.nextToken();
+ pad = tok.nextToken();
+ try
+ {
+ result = (CipherSpi) Engine.getInstance(SERVICE, transformation,
+ provider);
+ return new Cipher(result, provider, transformation);
+ }
+ catch (Exception e)
+ {
+ msg = e.getMessage();
+ }
+ try
+ {
+ result = (CipherSpi) Engine.getInstance(SERVICE, alg + '/' + mode,
+ provider);
+ result.engineSetPadding(pad);
+ return new Cipher(result, provider, transformation);
+ }
+ catch (Exception e)
+ {
+ if (e instanceof NoSuchPaddingException)
+ {
+ throw (NoSuchPaddingException) e;
+ }
+ msg = e.getMessage();
+ }
+ try
+ {
+ result = (CipherSpi) Engine.getInstance(SERVICE, alg + "//" + pad,
+ provider);
+ result.engineSetMode(mode);
+ return new Cipher(result, provider, transformation);
+ }
+ catch (Exception e)
+ {
+ msg = e.getMessage();
+ }
+ try
+ {
+ result = (CipherSpi) Engine.getInstance(SERVICE, alg, provider);
+ result.engineSetMode(mode);
+ result.engineSetPadding(pad);
+ return new Cipher(result, provider, transformation);
+ }
+ catch (Exception e)
+ {
+ if (e instanceof NoSuchPaddingException)
+ {
+ throw (NoSuchPaddingException) e;
+ }
+ msg = e.getMessage();
+ }
+ }
+ throw new NoSuchAlgorithmException(transformation + ": " + msg);
+ }
+
+\f// Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a cipher.
+ *
+ * @param cipherSpi The underlying implementation of the cipher.
+ * @param provider The provider of this cipher implementation.
+ * @param transformation The transformation this cipher performs.
+ */
+ protected
+ Cipher(CipherSpi cipherSpi, Provider provider, String transformation)
+ {
+ this.cipherSpi = cipherSpi;
+ this.provider = provider;
+ this.transformation = transformation;
+ state = INITIAL_STATE;
+ }
+
+\f// Public instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get the name that this cipher instance was created with; this is
+ * equivalent to the "transformation" argument given to any of the
+ * {@link #getInstance()} methods.
+ *
+ * @return The cipher name.
+ */
+ public final String getAlgorithm()
+ {
+ return transformation;
+ }
+
+ /**
+ * Return the size of blocks, in bytes, that this cipher processes.
+ *
+ * @return The block size.
+ */
+ public final int getBlockSize()
+ {
+ if (cipherSpi != null)
+ {
+ return cipherSpi.engineGetBlockSize();
+ }
+ return 1;
+ }
+
+ /**
+ * Return the currently-operating {@link ExemptionMechanism}.
+ *
+ * @return null, currently.
+ */
+ public final ExemptionMechanism getExemptionMechanism()
+ {
+ return null;
+ }
+
+ /**
+ * Return the <i>initialization vector</i> that this instance was
+ * initialized with.
+ *
+ * @return The IV.
+ */
+ public final byte[] getIV()
+ {
+ if (cipherSpi != null)
+ {
+ return cipherSpi.engineGetIV();
+ }
+ return null;
+ }
+
+ /**
+ * Return the {@link java.security.AlgorithmParameters} that this
+ * instance was initialized with.
+ *
+ * @return The parameters.
+ */
+ public final AlgorithmParameters getParameters()
+ {
+ if (cipherSpi != null) {
+ return cipherSpi.engineGetParameters();
+ }
+ return null;
+ }
+
+ /**
+ * Return this cipher's provider.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Finishes a multi-part transformation, and returns the final
+ * transformed bytes.
+ *
+ * @return The final transformed bytes.
+ * @throws java.lang.IllegalStateException If this instance has not
+ * been initialized, or if a <tt>doFinal</tt> call has already
+ * been made.
+ * @throws javax.crypto.IllegalBlockSizeException If this instance has
+ * no padding and the input is not a multiple of this cipher's
+ * block size.
+ * @throws javax.crypto.BadPaddingException If this instance is
+ * decrypting and the padding bytes do not match this
+ * instance's padding scheme.
+ */
+ public final byte[] doFinal()
+ throws IllegalStateException, IllegalBlockSizeException, BadPaddingException
+ {
+ return doFinal(new byte[0], 0, 0);
+ }
+
+ /**
+ * Finishes a multi-part transformation or does an entire
+ * transformation on the input, and returns the transformed bytes.
+ *
+ * @param input The final input bytes.
+ * @return The final transformed bytes.
+ * @throws java.lang.IllegalStateException If this instance has not
+ * been initialized, or if a <tt>doFinal</tt> call has already
+ * been made.
+ * @throws javax.crypto.IllegalBlockSizeException If this instance has
+ * no padding and the input is not a multiple of this cipher's
+ * block size.
+ * @throws javax.crypto.BadPaddingException If this instance is
+ * decrypting and the padding bytes do not match this
+ * instance's padding scheme.
+ */
+ public final byte[] doFinal(byte[] input)
+ throws IllegalStateException, IllegalBlockSizeException, BadPaddingException
+ {
+ return doFinal(input, 0, input.length);
+ }
+
+ /**
+ * Finishes a multi-part transformation or does an entire
+ * transformation on the input, and returns the transformed bytes.
+ *
+ * @param input The final input bytes.
+ * @param inputOffset The index in the input bytes to start.
+ * @param inputLength The number of bytes to read from the input.
+ * @return The final transformed bytes.
+ * @throws java.lang.IllegalStateException If this instance has not
+ * been initialized, or if a <tt>doFinal</tt> call has already
+ * been made.
+ * @throws javax.crypto.IllegalBlockSizeException If this instance has
+ * no padding and the input is not a multiple of this cipher's
+ * block size.
+ * @throws javax.crypto.BadPaddingException If this instance is
+ * decrypting and the padding bytes do not match this
+ * instance's padding scheme.
+ */
+ public final byte[] doFinal(byte[] input, int inputOffset, int inputLength)
+ throws IllegalStateException, IllegalBlockSizeException, BadPaddingException
+ {
+ if (cipherSpi == null)
+ {
+ byte[] b = new byte[inputLength];
+ System.arraycopy(input, inputOffset, b, 0, inputLength);
+ return b;
+ }
+ if (state != ENCRYPT_MODE && state != DECRYPT_MODE)
+ {
+ throw new IllegalStateException("neither encrypting nor decrypting");
+ }
+ state = INITIAL_STATE;
+ return cipherSpi.engineDoFinal(input, inputOffset, inputLength);
+ }
+
+ /**
+ * Finishes a multi-part transformation and stores the transformed
+ * bytes into the given array.
+ *
+ * @param output The destination for the transformed bytes.
+ * @param outputOffset The offset in <tt>output</tt> to start storing
+ * bytes.
+ * @return The number of bytes placed into the output array.
+ * @throws java.lang.IllegalStateException If this instance has not
+ * been initialized, or if a <tt>doFinal</tt> call has already
+ * been made.
+ * @throws javax.crypto.IllegalBlockSizeException If this instance has
+ * no padding and the input is not a multiple of this cipher's
+ * block size.
+ * @throws javax.crypto.BadPaddingException If this instance is
+ * decrypting and the padding bytes do not match this
+ * instance's padding scheme.
+ * @throws javax.crypto.ShortBufferException If the output array is
+ * not large enough to hold the transformed bytes.
+ */
+ public final int doFinal(byte[] output, int outputOffset)
+ throws IllegalStateException, IllegalBlockSizeException, BadPaddingException,
+ ShortBufferException
+ {
+ if (cipherSpi == null)
+ {
+ return 0;
+ }
+ if (state != ENCRYPT_MODE && state != DECRYPT_MODE)
+ {
+ throw new IllegalStateException("neither encrypting nor decrypting");
+ }
+ state = INITIAL_STATE;
+ return cipherSpi.engineDoFinal(new byte[0], 0, 0, output, outputOffset);
+ }
+
+ /**
+ * Finishes a multi-part transformation or transforms a portion of a
+ * byte array, and stores the result in the given byte array.
+ *
+ * @param input The input bytes.
+ * @param inputOffset The index in <tt>input</tt> to start.
+ * @param inputLength The number of bytes to transform.
+ * @param output The output buffer.
+ * @param outputOffset The index in <tt>output</tt> to start.
+ * @return The number of bytes placed into the output array.
+ * @throws java.lang.IllegalStateException If this instance has not
+ * been initialized, or if a <tt>doFinal</tt> call has already
+ * been made.
+ * @throws javax.crypto.IllegalBlockSizeException If this instance has
+ * no padding and the input is not a multiple of this cipher's
+ * block size.
+ * @throws javax.crypto.BadPaddingException If this instance is
+ * decrypting and the padding bytes do not match this
+ * instance's padding scheme.
+ * @throws javax.crypto.ShortBufferException If the output array is
+ * not large enough to hold the transformed bytes.
+ */
+ public final int doFinal(byte[] input, int inputOffset, int inputLength,
+ byte[] output, int outputOffset)
+ throws IllegalStateException, IllegalBlockSizeException, BadPaddingException,
+ ShortBufferException
+ {
+ if (cipherSpi == null)
+ {
+ if (inputLength > output.length - outputOffset)
+ {
+ throw new ShortBufferException();
+ }
+ System.arraycopy(input, inputOffset, output, outputOffset, inputLength);
+ return inputLength;
+ }
+ if (state != ENCRYPT_MODE && state != DECRYPT_MODE)
+ {
+ throw new IllegalStateException("neither encrypting nor decrypting");
+ }
+ state = INITIAL_STATE;
+ return cipherSpi.engineDoFinal(input, inputOffset, inputLength,
+ output, outputOffset);
+ }
+
+ public final int doFinal(byte[] input, int inputOffset, int inputLength,
+ byte[] output)
+ throws IllegalStateException, IllegalBlockSizeException, BadPaddingException,
+ ShortBufferException
+ {
+ return doFinal(input, inputOffset, inputLength, output, 0);
+ }
+
+ /**
+ * Returns the size an output buffer needs to be if this cipher is
+ * updated with a number of bytes.
+ *
+ * @param inputLength The input length.
+ * @return The output length given this input length.
+ * @throws java.lang.IllegalStateException If this instance has not
+ * been initialized, or if a <tt>doFinal</tt> call has already
+ * been made.
+ */
+ public final int getOutputSize(int inputLength) throws IllegalStateException
+ {
+ if (cipherSpi == null)
+ {
+ return inputLength;
+ }
+ if (state != ENCRYPT_MODE && state != DECRYPT_MODE)
+ {
+ throw new IllegalStateException("neither encrypting nor decrypting");
+ }
+ return cipherSpi.engineGetOutputSize(inputLength);
+ }
+
+ /**
+ * <p>Initialize this cipher with the public key from the given
+ * certificate.</p>
+ *
+ * <p>The cipher will be initialized for encryption, decryption, key
+ * wrapping, or key unwrapping, depending upon whether the
+ * <code>opmode</code> argument is {@link #ENCRYPT_MODE}, {@link
+ * #DECRYPT_MODE}, {@link #WRAP_MODE}, or {@link #UNWRAP_MODE},
+ * respectively.</p>
+ *
+ * <p>As per the Java 1.4 specification, if <code>cert</code> is an
+ * instance of an {@link java.security.cert.X509Certificate} and its
+ * <i>key usage</i> extension field is incompatible with
+ * <code>opmode</code> then an {@link
+ * java.security.InvalidKeyException} is thrown.</p>
+ *
+ * <p>If this cipher requires any random bytes (for example for an
+ * initilization vector) than the {@link java.security.SecureRandom}
+ * with the highest priority is used as the source of these bytes.</p>
+ *
+ * <p>A call to any of the <code>init</code> methods overrides the
+ * state of the instance, and is equivalent to creating a new instance
+ * and calling its <code>init</code> method.</p>
+ *
+ * @param opmode The operation mode to use.
+ * @param certificate The certificate.
+ * @throws java.security.InvalidKeyException If the underlying cipher
+ * instance rejects the certificate's public key, or if the
+ * public key cannot be used as described above.
+ */
+ public final void init(int opmode, Certificate certificate)
+ throws InvalidKeyException
+ {
+ init(opmode, certificate, new SecureRandom());
+ }
+
+ /**
+ * <p>Initialize this cipher with the supplied key.</p>
+ *
+ * <p>The cipher will be initialized for encryption, decryption, key
+ * wrapping, or key unwrapping, depending upon whether the
+ * <code>opmode</code> argument is {@link #ENCRYPT_MODE}, {@link
+ * #DECRYPT_MODE}, {@link #WRAP_MODE}, or {@link #UNWRAP_MODE},
+ * respectively.</p>
+ *
+ * <p>If this cipher requires any random bytes (for example for an
+ * initilization vector) than the {@link java.security.SecureRandom}
+ * with the highest priority is used as the source of these bytes.</p>
+ *
+ * <p>A call to any of the <code>init</code> methods overrides the
+ * state of the instance, and is equivalent to creating a new instance
+ * and calling its <code>init</code> method.</p>
+ *
+ * @param opmode The operation mode to use.
+ * @param key The key.
+ * @throws java.security.InvalidKeyException If the underlying cipher
+ * instance rejects the given key.
+ */
+ public final void init(int opmode, Key key) throws InvalidKeyException
+ {
+ state = opmode;
+ if (cipherSpi != null)
+ {
+ cipherSpi.engineInit(opmode, key, new SecureRandom());
+ }
+ }
+
+ /**
+ * <p>Initialize this cipher with the public key from the given
+ * certificate and the specified source of randomness.</p>
+ *
+ * <p>The cipher will be initialized for encryption, decryption, key
+ * wrapping, or key unwrapping, depending upon whether the
+ * <code>opmode</code> argument is {@link #ENCRYPT_MODE}, {@link
+ * #DECRYPT_MODE}, {@link #WRAP_MODE}, or {@link #UNWRAP_MODE},
+ * respectively.</p>
+ *
+ * <p>As per the Java 1.4 specification, if <code>cert</code> is an
+ * instance of an {@link java.security.cert.X509Certificate} and its
+ * <i>key usage</i> extension field is incompatible with
+ * <code>opmode</code> then an {@link
+ * java.security.InvalidKeyException} is thrown.</p>
+ *
+ * <p>If this cipher requires any random bytes (for example for an
+ * initilization vector) than the {@link java.security.SecureRandom}
+ * with the highest priority is used as the source of these bytes.</p>
+ *
+ * <p>A call to any of the <code>init</code> methods overrides the
+ * state of the instance, and is equivalent to creating a new instance
+ * and calling its <code>init</code> method.</p>
+ *
+ * @param opmode The operation mode to use.
+ * @param certificate The certificate.
+ * @param random The source of randomness.
+ * @throws java.security.InvalidKeyException If the underlying cipher
+ * instance rejects the certificate's public key, or if the
+ * public key cannot be used as described above.
+ */
+ public final void
+ init(int opmode, Certificate certificate, SecureRandom random)
+ throws InvalidKeyException
+ {
+ if (certificate instanceof X509Certificate)
+ {
+ boolean[] keyInfo = ((X509Certificate) certificate).getKeyUsage();
+ if (keyInfo != null)
+ {
+ switch (opmode)
+ {
+ case DECRYPT_MODE:
+ if (!keyInfo[3])
+ {
+ throw new InvalidKeyException(
+ "the certificate's key cannot be used for transforming data");
+ }
+ if (keyInfo[7])
+ {
+ throw new InvalidKeyException(
+ "the certificate's key can only be used for encryption");
+ }
+ break;
+
+ case ENCRYPT_MODE:
+ if (!keyInfo[3])
+ {
+ throw new InvalidKeyException(
+ "the certificate's key cannot be used for transforming data");
+ }
+ if (keyInfo[8])
+ {
+ throw new InvalidKeyException(
+ "the certificate's key can only be used for decryption");
+ }
+ break;
+
+ case UNWRAP_MODE:
+ if (!keyInfo[2] || keyInfo[7])
+ {
+ throw new InvalidKeyException(
+ "the certificate's key cannot be used for key unwrapping");
+ }
+ break;
+
+ case WRAP_MODE:
+ if (!keyInfo[2] || keyInfo[8])
+ {
+ throw new InvalidKeyException(
+ "the certificate's key cannot be used for key wrapping");
+ }
+ break;
+ }
+ }
+ }
+ init(opmode, certificate.getPublicKey(), random);
+ }
+
+ /**
+ * <p>Initialize this cipher with the supplied key and source of
+ * randomness.</p>
+ *
+ * <p>The cipher will be initialized for encryption, decryption, key
+ * wrapping, or key unwrapping, depending upon whether the
+ * <code>opmode</code> argument is {@link #ENCRYPT_MODE}, {@link
+ * #DECRYPT_MODE}, {@link #WRAP_MODE}, or {@link #UNWRAP_MODE},
+ * respectively.</p>
+ *
+ * <p>A call to any of the <code>init</code> methods overrides the
+ * state of the instance, and is equivalent to creating a new instance
+ * and calling its <code>init</code> method.</p>
+ *
+ * @param opmode The operation mode to use.
+ * @param key The key.
+ * @param random The source of randomness to use.
+ * @throws java.security.InvalidKeyException If the underlying cipher
+ * instance rejects the given key.
+ */
+ public final void init(int opmode, Key key, SecureRandom random)
+ throws InvalidKeyException
+ {
+ state = opmode;
+ if (cipherSpi != null)
+ {
+ cipherSpi.engineInit(opmode, key, random);
+ }
+ }
+
+ /**
+ * <p>Initialize this cipher with the supplied key and parameters.</p>
+ *
+ * <p>The cipher will be initialized for encryption, decryption, key
+ * wrapping, or key unwrapping, depending upon whether the
+ * <code>opmode</code> argument is {@link #ENCRYPT_MODE}, {@link
+ * #DECRYPT_MODE}, {@link #WRAP_MODE}, or {@link #UNWRAP_MODE},
+ * respectively.</p>
+ *
+ * <p>If this cipher requires any random bytes (for example for an
+ * initilization vector) then the {@link java.security.SecureRandom}
+ * with the highest priority is used as the source of these bytes.</p>
+ *
+ * <p>A call to any of the <code>init</code> methods overrides the
+ * state of the instance, and is equivalent to creating a new instance
+ * and calling its <code>init</code> method.</p>
+ *
+ * @param opmode The operation mode to use.
+ * @param key The key.
+ * @param params The algorithm parameters to initialize this instance
+ * with.
+ * @throws java.security.InvalidKeyException If the underlying cipher
+ * instance rejects the given key.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * supplied parameters are inappropriate for this cipher.
+ */
+ public final void init(int opmode, Key key, AlgorithmParameters params)
+ throws InvalidKeyException, InvalidAlgorithmParameterException
+ {
+ init(opmode, key, params, new SecureRandom());
+ }
+
+ /**
+ * <p>Initialize this cipher with the supplied key and parameters.</p>
+ *
+ * <p>The cipher will be initialized for encryption, decryption, key
+ * wrapping, or key unwrapping, depending upon whether the
+ * <code>opmode</code> argument is {@link #ENCRYPT_MODE}, {@link
+ * #DECRYPT_MODE}, {@link #WRAP_MODE}, or {@link #UNWRAP_MODE},
+ * respectively.</p>
+ *
+ * <p>If this cipher requires any random bytes (for example for an
+ * initilization vector) then the {@link java.security.SecureRandom}
+ * with the highest priority is used as the source of these bytes.</p>
+ *
+ * <p>A call to any of the <code>init</code> methods overrides the
+ * state of the instance, and is equivalent to creating a new instance
+ * and calling its <code>init</code> method.</p>
+ *
+ * @param opmode The operation mode to use.
+ * @param key The key.
+ * @param params The algorithm parameters to initialize this instance
+ * with.
+ * @throws java.security.InvalidKeyException If the underlying cipher
+ * instance rejects the given key.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * supplied parameters are inappropriate for this cipher.
+ */
+ public final void init(int opmode, Key key, AlgorithmParameterSpec params)
+ throws InvalidKeyException, InvalidAlgorithmParameterException
+ {
+ init(opmode, key, params, new SecureRandom());
+ }
+
+ /**
+ * <p>Initialize this cipher with the supplied key, parameters, and
+ * source of randomness.</p>
+ *
+ * <p>The cipher will be initialized for encryption, decryption, key
+ * wrapping, or key unwrapping, depending upon whether the
+ * <code>opmode</code> argument is {@link #ENCRYPT_MODE}, {@link
+ * #DECRYPT_MODE}, {@link #WRAP_MODE}, or {@link #UNWRAP_MODE},
+ * respectively.</p>
+ *
+ * <p>A call to any of the <code>init</code> methods overrides the
+ * state of the instance, and is equivalent to creating a new instance
+ * and calling its <code>init</code> method.</p>
+ *
+ * @param opmode The operation mode to use.
+ * @param key The key.
+ * @param params The algorithm parameters to initialize this instance
+ * with.
+ * @param random The source of randomness to use.
+ * @throws java.security.InvalidKeyException If the underlying cipher
+ * instance rejects the given key.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * supplied parameters are inappropriate for this cipher.
+ */
+ public final void init(int opmode, Key key, AlgorithmParameters params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException
+ {
+ state = opmode;
+ if (cipherSpi != null)
+ {
+ cipherSpi.engineInit(opmode, key, params, random);
+ }
+ }
+
+ /**
+ * <p>Initialize this cipher with the supplied key, parameters, and
+ * source of randomness.</p>
+ *
+ * <p>The cipher will be initialized for encryption, decryption, key
+ * wrapping, or key unwrapping, depending upon whether the
+ * <code>opmode</code> argument is {@link #ENCRYPT_MODE}, {@link
+ * #DECRYPT_MODE}, {@link #WRAP_MODE}, or {@link #UNWRAP_MODE},
+ * respectively.</p>
+ *
+ * <p>A call to any of the <code>init</code> methods overrides the
+ * state of the instance, and is equivalent to creating a new instance
+ * and calling its <code>init</code> method.</p>
+ *
+ * @param opmode The operation mode to use.
+ * @param key The key.
+ * @param params The algorithm parameters to initialize this instance
+ * with.
+ * @param random The source of randomness to use.
+ * @throws java.security.InvalidKeyException If the underlying cipher
+ * instance rejects the given key.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * supplied parameters are inappropriate for this cipher.
+ */
+ public final void init(int opmode, Key key, AlgorithmParameterSpec params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException
+ {
+ state = opmode;
+ if (cipherSpi != null)
+ {
+ cipherSpi.engineInit(opmode, key, params, random);
+ }
+ }
+
+ /**
+ * Unwrap a previously-wrapped key.
+ *
+ * @param wrappedKey The wrapped key.
+ * @param wrappedKeyAlgorithm The algorithm with which the key was
+ * wrapped.
+ * @param wrappedKeyType The type of key (public, private, or
+ * secret) that this wrapped key respresents.
+ * @return The unwrapped key.
+ * @throws java.lang.IllegalStateException If this instance has not be
+ * initialized for unwrapping.
+ * @throws java.security.InvalidKeyException If <code>wrappedKey</code>
+ * is not a wrapped key, if the algorithm cannot unwrap this
+ * key, or if the unwrapped key's type differs from the
+ * specified type.
+ * @throws java.security.NoSuchAlgorithmException If
+ * <code>wrappedKeyAlgorithm</code> is not a valid algorithm
+ * name.
+ */
+ public final Key unwrap(byte[] wrappedKey, String wrappedKeyAlgorithm,
+ int wrappedKeyType)
+ throws IllegalStateException, InvalidKeyException, NoSuchAlgorithmException
+ {
+ if (cipherSpi == null)
+ {
+ return null;
+ }
+ if (state != UNWRAP_MODE)
+ {
+ throw new IllegalStateException("instance is not for unwrapping");
+ }
+ return cipherSpi.engineUnwrap(wrappedKey, wrappedKeyAlgorithm,
+ wrappedKeyType);
+ }
+
+ /**
+ * Continue a multi-part transformation on an entire byte array,
+ * returning the transformed bytes.
+ *
+ * @param input The input bytes.
+ * @return The transformed bytes.
+ * @throws java.lang.IllegalStateException If this cipher was not
+ * initialized for encryption or decryption.
+ */
+ public final byte[] update(byte[] input) throws IllegalStateException
+ {
+ return update(input, 0, input.length);
+ }
+
+ /**
+ * Continue a multi-part transformation on part of a byte array,
+ * returning the transformed bytes.
+ *
+ * @param input The input bytes.
+ * @param inputOffset The index in the input to start.
+ * @param inputLength The number of bytes to transform.
+ * @return The transformed bytes.
+ * @throws java.lang.IllegalStateException If this cipher was not
+ * initialized for encryption or decryption.
+ */
+ public final byte[] update(byte[] input, int inputOffset, int inputLength)
+ throws IllegalStateException
+ {
+ if (cipherSpi == null)
+ {
+ byte[] b = new byte[inputLength];
+ System.arraycopy(input, inputOffset, b, 0, inputLength);
+ return b;
+ }
+ if (state != ENCRYPT_MODE && state != DECRYPT_MODE)
+ {
+ throw new IllegalStateException(
+ "cipher is not for encrypting or decrypting");
+ }
+ return cipherSpi.engineUpdate(input, inputOffset, inputLength);
+ }
+
+ /**
+ * Continue a multi-part transformation on part of a byte array,
+ * placing the transformed bytes into the given array.
+ *
+ * @param input The input bytes.
+ * @param inputOffset The index in the input to start.
+ * @param inputLength The number of bytes to transform.
+ * @param output The output byte array.
+ * @return The number of transformed bytes.
+ * @throws java.lang.IllegalStateException If this cipher was not
+ * initialized for encryption or decryption.
+ * @throws javax.security.ShortBufferException If there is not enough
+ * room in the output array to hold the transformed bytes.
+ */
+ public final int update(byte[] input, int inputOffset, int inputLength,
+ byte[] output)
+ throws IllegalStateException, ShortBufferException
+ {
+ return update(input, inputOffset, inputLength, output, 0);
+ }
+
+ /**
+ * Continue a multi-part transformation on part of a byte array,
+ * placing the transformed bytes into the given array.
+ *
+ * @param input The input bytes.
+ * @param inputOffset The index in the input to start.
+ * @param inputLength The number of bytes to transform.
+ * @param output The output byte array.
+ * @param outputOffset The index in the output array to start.
+ * @return The number of transformed bytes.
+ * @throws java.lang.IllegalStateException If this cipher was not
+ * initialized for encryption or decryption.
+ * @throws javax.security.ShortBufferException If there is not enough
+ * room in the output array to hold the transformed bytes.
+ */
+ public final int update(byte[] input, int inputOffset, int inputLength,
+ byte[] output, int outputOffset)
+ throws IllegalStateException, ShortBufferException
+ {
+ if (cipherSpi == null)
+ {
+ if (inputLength > output.length - outputOffset)
+ {
+ throw new ShortBufferException();
+ }
+ System.arraycopy(input, inputOffset, output, outputOffset, inputLength);
+ return inputLength;
+ }
+ if (state != ENCRYPT_MODE && state != DECRYPT_MODE)
+ {
+ throw new IllegalStateException(
+ "cipher is not for encrypting or decrypting");
+ }
+ return cipherSpi.engineUpdate(input, inputOffset, inputLength,
+ output, outputOffset);
+ }
+
+ /**
+ * Wrap a key.
+ *
+ * @param key The key to wrap.
+ * @return The wrapped key.
+ * @throws java.lang.IllegalStateException If this instance was not
+ * initialized for key wrapping.
+ * @throws javax.crypto.IllegalBlockSizeException If this instance has
+ * no padding and the key is not a multiple of the block size.
+ * @throws java.security.InvalidKeyException If this instance cannot
+ * wrap this key.
+ */
+ public final byte[] wrap(Key key)
+ throws IllegalStateException, IllegalBlockSizeException, InvalidKeyException
+ {
+ if (cipherSpi == null)
+ {
+ return null;
+ }
+ if (state != WRAP_MODE)
+ {
+ throw new IllegalStateException("instance is not for key wrapping");
+ }
+ return cipherSpi.engineWrap(key);
+ }
+}
--- /dev/null
+/* CipherInputStream.java -- Filters input through a cipher.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.io.FilterInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * This is an {@link java.io.InputStream} that filters its data
+ * through a {@link Cipher} before returning it. The <code>Cipher</code>
+ * argument must have been initialized before it is passed to the
+ * constructor.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public class CipherInputStream extends FilterInputStream
+{
+
+ // Constants and variables.
+ // ------------------------------------------------------------------------
+
+ /**
+ * The underlying {@link Cipher} instance.
+ */
+ private Cipher cipher;
+
+ /**
+ * Data that has been transformed but not read.
+ */
+ private byte[] outBuffer;
+
+ /**
+ * The offset into {@link #outBuffer} where valid data starts.
+ */
+ private int outOffset;
+
+ /**
+ * The number of valid bytes in the {@link #outBuffer}.
+ */
+ private int outLength;
+
+ /**
+ * Byte buffer that is filled with raw data from the underlying input
+ * stream.
+ */
+ private byte[][] inBuffer;
+
+ /**
+ * The amount of bytes in inBuffer[0] that may be input to the cipher.
+ */
+ private int inLength;
+
+ /**
+ * We set this when the cipher block size is 1, meaning that we can
+ * transform any amount of data.
+ */
+ private boolean isStream;
+
+ private static final int VIRGIN = 0; // I am born.
+ private static final int LIVING = 1; // I am nailed to the hull.
+ private static final int DYING = 2; // I am eaten by sharks.
+ private static final int DEAD = 3;
+ private int state;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new input stream with a source input stream and cipher.
+ *
+ * @param in The underlying input stream.
+ * @param cipher The cipher to filter data through.
+ */
+ public CipherInputStream(InputStream in, Cipher cipher)
+ {
+ this(in);
+ this.cipher = cipher;
+ if (!(isStream = cipher.getBlockSize() == 1))
+ {
+ inBuffer = new byte[2][];
+ inBuffer[0] = new byte[cipher.getBlockSize()];
+ inBuffer[1] = new byte[cipher.getBlockSize()];
+ inLength = 0;
+ outBuffer = new byte[cipher.getBlockSize()];
+ outOffset = outLength = 0;
+ state = VIRGIN;
+ }
+ }
+
+ /**
+ * Creates a new input stream without a cipher. This constructor is
+ * <code>protected</code> because this class does not work without an
+ * underlying cipher.
+ *
+ * @param in The underlying input stream.
+ */
+ protected CipherInputStream(InputStream in)
+ {
+ super(in);
+ }
+
+ // Instance methods overriding java.io.FilterInputStream.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the number of bytes available without blocking. The value
+ * returned by this method is never greater than the underlying
+ * cipher's block size.
+ *
+ * @return The number of bytes immediately available.
+ * @throws java.io.IOException If an I/O exception occurs.
+ */
+ public int available() throws IOException
+ {
+ if (isStream)
+ return super.available();
+ return outLength - outOffset;
+ }
+
+ /**
+ * Close this input stream. This method merely calls the {@link
+ * java.io.InputStream#close()} method of the underlying input stream.
+ *
+ * @throws java.io.IOException If an I/O exception occurs.
+ */
+ public void close() throws IOException
+ {
+ super.close();
+ }
+
+ /**
+ * Read a single byte from this input stream; returns -1 on the
+ * end-of-file.
+ *
+ * @return The byte read, or -1 if there are no more bytes.
+ * @throws java.io.IOExcpetion If an I/O exception occurs.
+ */
+ public int read() throws IOException
+ {
+ if (isStream)
+ {
+ byte[] buf = new byte[1];
+ int in = super.read();
+ if (in == -1)
+ return -1;
+ buf[0] = (byte) in;
+ try
+ {
+ cipher.update(buf, 0, 1, buf, 0);
+ }
+ catch (ShortBufferException shouldNotHappen)
+ {
+ throw new IOException(shouldNotHappen.getMessage());
+ }
+ return buf[0] & 0xFF;
+ }
+ if (state == DEAD) return -1;
+ if (available() == 0) nextBlock();
+ if (state == DEAD) return -1;
+ return outBuffer[outOffset++] & 0xFF;
+ }
+
+ /**
+ * Read bytes into an array, returning the number of bytes read or -1
+ * on the end-of-file.
+ *
+ * @param buf The byte array to read into.
+ * @param off The offset in <code>buf</code> to start.
+ * @param len The maximum number of bytes to read.
+ * @return The number of bytes read, or -1 on the end-of-file.
+ * @throws java.io.IOException If an I/O exception occurs.
+ */
+ public int read(byte[] buf, int off, int len) throws IOException
+ {
+ if (isStream)
+ {
+ len = super.read(buf, off, len);
+ try
+ {
+ cipher.update(buf, off, len, buf, off);
+ }
+ catch (ShortBufferException shouldNotHappen)
+ {
+ throw new IOException(shouldNotHappen.getMessage());
+ }
+ return len;
+ }
+
+ int count = 0;
+ while (count < len)
+ {
+ if (available() == 0)
+ nextBlock();
+ if (state == DEAD)
+ {
+ if (count > 0) return count;
+ else return -1;
+ }
+ int l = Math.min(available(), len - count);
+ System.arraycopy(outBuffer, outOffset, buf, count+off, l);
+ count += l;
+ outOffset = outLength = 0;
+ }
+ return count;
+ }
+
+ /**
+ * Read bytes into an array, returning the number of bytes read or -1
+ * on the end-of-file.
+ *
+ * @param buf The byte arry to read into.
+ * @return The number of bytes read, or -1 on the end-of-file.
+ * @throws java.io.IOException If an I/O exception occurs.
+ */
+ public int read(byte[] buf) throws IOException
+ {
+ return read(buf, 0, buf.length);
+ }
+
+ /**
+ * Skip a number of bytes. This class only supports skipping as many
+ * bytes as are returned by {@link #available()}, which is the number
+ * of transformed bytes currently in this class's internal buffer.
+ *
+ * @param bytes The number of bytes to skip.
+ * @return The number of bytes skipped.
+ */
+ public long skip(long bytes) throws IOException
+ {
+ if (isStream)
+ {
+ return super.skip(bytes);
+ }
+ long ret = 0;
+ if (bytes > 0 && available() > 0)
+ {
+ ret = available();
+ outOffset = outLength = 0;
+ }
+ return ret;
+ }
+
+ /**
+ * Returns whether or not this input stream supports the {@link
+ * #mark(long)} and {@link #reset()} methods; this input stream does
+ * not, however, and invariably returns <code>false</code>.
+ *
+ * @return <code>false</code>
+ */
+ public boolean markSupported()
+ {
+ return false;
+ }
+
+ /**
+ * Set the mark. This method is unsupported and is empty.
+ *
+ * @param mark Is ignored.
+ */
+ public void mark(long mark)
+ {
+ }
+
+ /**
+ * Reset to the mark. This method is unsupported and is empty.
+ */
+ public void reset() throws IOException
+ {
+ throw new IOException("reset not supported");
+ }
+
+ // Own methods.
+ // -------------------------------------------------------------------------
+
+ private void nextBlock() throws IOException
+ {
+ byte[] temp = inBuffer[0];
+ inBuffer[0] = inBuffer[1];
+ inBuffer[1] = temp;
+ int count = 0;
+ boolean eof = false;
+
+ if (state == VIRGIN || state == LIVING)
+ {
+ do
+ {
+ int l = in.read(inBuffer[1], count, inBuffer[1].length - count);
+ if (l == -1)
+ {
+ eof = true;
+ break;
+ }
+ count += l;
+ }
+ while (count < inBuffer[1].length);
+ }
+
+ try
+ {
+ switch (state)
+ {
+ case VIRGIN:
+ state = LIVING;
+ nextBlock();
+ break;
+ case LIVING:
+ if (eof)
+ {
+ if (count > 0)
+ {
+ outOffset = cipher.update(inBuffer[0], 0, inLength, outBuffer, 0);
+ state = DYING;
+ }
+ else
+ {
+ outOffset = cipher.doFinal(inBuffer[0], 0, inLength, outBuffer, 0);
+ state = DEAD;
+ }
+ }
+ else
+ {
+ outOffset = cipher.update(inBuffer[0], 0, inLength, outBuffer, 0);
+ }
+ break;
+ case DYING:
+ outOffset = cipher.doFinal(inBuffer[0], 0, inLength, outBuffer, 0);
+ state = DEAD;
+ break;
+ case DEAD:
+ }
+ }
+ catch (ShortBufferException sbe)
+ {
+ throw new IOException(sbe.toString());
+ }
+ catch (BadPaddingException bpe)
+ {
+ throw new IOException(bpe.toString());
+ }
+ catch (IllegalBlockSizeException ibse)
+ {
+ throw new IOException(ibse.toString());
+ }
+ inLength = count;
+ }
+}
--- /dev/null
+/* CipherOutputStream.java -- Filters output through a cipher.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.io.FilterOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+
+/**
+ * A filtered output stream that transforms data written to it with a
+ * {@link Cipher} before sending it to the underlying output stream.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public class CipherOutputStream extends FilterOutputStream
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The underlying cipher. */
+ private Cipher cipher;
+
+ private byte[][] inBuffer;
+
+ private int inLength;
+
+ private byte[] outBuffer;
+
+ private static final int FIRST_TIME = 0;
+ private static final int SECOND_TIME = 1;
+ private static final int SEASONED = 2;
+ private int state;
+
+ /** True if the cipher is a stream cipher (blockSize == 1) */
+ private boolean isStream;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new cipher output stream. The cipher argument must have
+ * already been initialized.
+ *
+ * @param out The sink for transformed data.
+ * @param cipher The cipher to transform data with.
+ */
+ public CipherOutputStream(OutputStream out, Cipher cipher)
+ {
+ super(out);
+ if (cipher != null)
+ {
+ this.cipher = cipher;
+ if (!(isStream = cipher.getBlockSize() == 1))
+ {
+ inBuffer = new byte[2][];
+ inBuffer[0] = new byte[cipher.getBlockSize()];
+ inBuffer[1] = new byte[cipher.getBlockSize()];
+ inLength = 0;
+ state = FIRST_TIME;
+ }
+ }
+ else
+ this.cipher = new NullCipher();
+ }
+
+ /**
+ * Create a cipher output stream with no cipher.
+ *
+ * @param out The sink for transformed data.
+ */
+ protected CipherOutputStream(OutputStream out)
+ {
+ super(out);
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Close this output stream, and the sink output stream.
+ *
+ * <p>This method will first invoke the {@link Cipher#doFinal()}
+ * method of the underlying {@link Cipher}, and writes the output of
+ * that method to the sink output stream.
+ *
+ * @throws java.io.IOException If an I/O error occurs, or if an error
+ * is caused by finalizing the transformation.
+ */
+ public void close() throws IOException
+ {
+ try
+ {
+ int len;
+ if (state != FIRST_TIME)
+ {
+ len = cipher.update(inBuffer[0], 0, inBuffer[0].length, outBuffer);
+ out.write(outBuffer, 0, len);
+ }
+ len = cipher.doFinal(inBuffer[0], 0, inLength, outBuffer);
+ out.write(outBuffer, 0, len);
+ }
+ catch (javax.crypto.IllegalBlockSizeException ibse)
+ {
+ throw new IOException(ibse.toString());
+ }
+ catch (javax.crypto.BadPaddingException bpe)
+ {
+ throw new IOException(bpe.toString());
+ }
+ catch (ShortBufferException sbe)
+ {
+ throw new IOException(sbe.toString());
+ }
+ out.flush();
+ out.close();
+ }
+
+ /**
+ * Flush any pending output.
+ *
+ * @throws java.io.IOException If an I/O error occurs.
+ */
+ public void flush() throws IOException
+ {
+ out.flush();
+ }
+
+ /**
+ * Write a single byte to the output stream.
+ *
+ * @param b The next byte.
+ * @throws java.io.IOException If an I/O error occurs, or if the
+ * underlying cipher is not in the correct state to transform
+ * data.
+ */
+ public void write(int b) throws IOException
+ {
+ if (isStream)
+ {
+ byte[] buf = new byte[] { (byte) b };
+ try
+ {
+ cipher.update(buf, 0, 1, buf, 0);
+ }
+ catch (ShortBufferException sbe)
+ {
+ throw new IOException(sbe.toString());
+ }
+ out.write(buf);
+ return;
+ }
+ inBuffer[1][inLength++] = (byte) b;
+ if (inLength == inBuffer[1].length)
+ process();
+ }
+
+ /**
+ * Write a byte array to the output stream.
+ *
+ * @param buf The next bytes.
+ * @throws java.io.IOException If an I/O error occurs, or if the
+ * underlying cipher is not in the correct state to transform
+ * data.
+ */
+ public void write(byte[] buf) throws IOException
+ {
+ write(buf, 0, buf.length);
+ }
+
+ /**
+ * Write a portion of a byte array to the output stream.
+ *
+ * @param buf The next bytes.
+ * @param off The offset in the byte array to start.
+ * @param len The number of bytes to write.
+ * @throws java.io.IOException If an I/O error occurs, or if the
+ * underlying cipher is not in the correct state to transform
+ * data.
+ */
+ public void write(byte[] buf, int off, int len) throws IOException
+ {
+ if (isStream)
+ {
+ out.write(cipher.update(buf, off, len));
+ return;
+ }
+ int count = 0;
+ while (count < len)
+ {
+ int l = Math.min(inBuffer[1].length - inLength, len - count);
+ System.arraycopy(buf, off+count, inBuffer[1], inLength, l);
+ count += l;
+ inLength += l;
+ if (inLength == inBuffer[1].length)
+ process();
+ }
+ }
+
+ // Own method.
+ // -------------------------------------------------------------------------
+
+ private void process() throws IOException
+ {
+ if (state == SECOND_TIME)
+ {
+ state = SEASONED;
+ }
+ else
+ {
+ byte[] temp = inBuffer[0];
+ inBuffer[0] = inBuffer[1];
+ inBuffer[1] = temp;
+ }
+ if (state == FIRST_TIME)
+ {
+ inLength = 0;
+ state = SECOND_TIME;
+ return;
+ }
+ try
+ {
+ cipher.update(inBuffer[0], 0, inBuffer[0].length, outBuffer);
+ }
+ catch (ShortBufferException sbe)
+ {
+ throw new IOException(sbe.toString());
+ }
+ out.write(outBuffer);
+ inLength = 0;
+ }
+}
--- /dev/null
+/* CipherSpi.java -- The cipher service provider interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * <p>This class represents the <i>Service Provider Interface</i>
+ * (<b>SPI</b>) for cryptographic ciphers.</p>
+ *
+ * <p>Providers of cryptographic ciphers must subclass this for every
+ * cipher they implement, implementing the abstract methods as
+ * appropriate, then provide an entry that points to the subclass in
+ * their implementation of {@link java.security.Provider}.</p>
+ *
+ * <p>CipherSpi objects are instantiated along with {@link Cipher}s when
+ * the {@link Cipher#getInstance(java.lang.String)} methods are invoked.
+ * Particular ciphers are referenced by a <i>transformation</i>, which
+ * is a String consisting of the cipher's name or the ciper's name
+ * followed by a mode and a padding. Transformations all follow the
+ * general form:</p>
+ *
+ * <ul>
+ * <li><i>algorithm</i>, or</li>
+ * <li><i>algorithm</i>/<i>mode</i>/<i>padding</i>
+ * </ul>
+ *
+ * <p>Cipher names in the master {@link java.security.Provider} class
+ * may be:</p>
+ *
+ * <ol>
+ * <li>The algorithm's name, which uses a pluggable mode and padding:
+ * <code>Cipher.<i>algorithm</i></code></li>
+ * <li>The algorithm's name and the mode, which uses pluggable padding:
+ * <code>Cipher.<i>algorithm</i>/<i>mode</i></code></li>
+ * <li>The algorithm's name and the padding, which uses a pluggable
+ * mode: <code>Cipher.<i>algorithm</i>//<i>padding</i></code></li>
+ * <li>The algorihtm's name, the mode, and the padding:
+ * <code>Cipher.<i>algorithm</i>/<i>mode</i>/<i>padding</i></code></li>
+ * </ol>
+ *
+ * <p>When any {@link Cipher#getInstance(java.lang.String)} method is
+ * invoked, the following happens if the transformation is simply
+ * <i>algorithm</i>:</p>
+ *
+ * <ol>
+ * <li>If the provider defines a <code>CipherSpi</code> implementation
+ * for "<i>algorithm</i>", return it. Otherwise throw a {@link
+ * java.security.NoSuchAlgorithmException}.</li>
+ * </ol>
+ *
+ * <p>If the transformation is of the form
+ * <i>algorithm</i>/<i>mode</i>/<i>padding</i>:</p>
+ *
+ * <ol>
+ * <li>If the provider defines a <code>CipherSpi</code> subclass for
+ * "<i>algorithm</i>/<i>mode</i>/<i>padding</i>", return it. Otherwise
+ * go to step 2.</li>
+ *
+ * <li>If the provider defines a <code>CipherSpi</code> subclass for
+ * "<i>algorithm</i>/<i>mode</i>", instatiate it, call {@link
+ * #engineSetPadding(java.lang.String)} for the padding name, and return
+ * it. Otherwise go to step 3.</li>
+ *
+ * <li>If the provider defines a <code>CipherSpi</code> subclass for
+ * "<i>algorithm</i>//<i>padding</i>", instatiate it, call {@link
+ * #engineSetMode(java.lang.String)} for the mode name, and return
+ * it. Otherwise go to step 4.</li>
+ *
+ * <li>If the provider defines a <code>CipherSpi</code> subclass for
+ * "<i>algorithm</i>", instatiate it, call {@link
+ * #engineSetMode(java.lang.String)} for the mode name, call {@link
+ * #engineSetPadding(java.lang.String)} for the padding name, and return
+ * it. Otherwise throw a {@link java.security.NoSuchAlgorithmException}.</li>
+ * </ol>
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public abstract class CipherSpi
+{
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new CipherSpi.
+ */
+ public CipherSpi()
+ {
+ }
+
+ // Abstract methods to be implemented by providers.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Finishes a multi-part transformation or transforms a portion of a
+ * byte array, and returns the transformed bytes.
+ *
+ * @param input The input bytes.
+ * @param inputOffset The index in the input at which to start.
+ * @param inputLength The number of bytes to transform.
+ * @return The transformed bytes in a new array.
+ * @throws javax.crypto.IllegalBlockSizeException If this instance has
+ * no padding and the input size is not a multiple of the
+ * block size.
+ * @throws javax.crypto.BadPaddingException If this instance is being
+ * used for decryption and the padding is not appropriate for
+ * this instance's padding scheme.
+ */
+ protected abstract byte[]
+ engineDoFinal(byte[] input, int inputOffset, int inputLength)
+ throws IllegalBlockSizeException, BadPaddingException;
+
+ /**
+ * Finishes a multi-part transformation or transforms a portion of a
+ * byte array, and stores the transformed bytes in the supplied array.
+ *
+ * @param input The input bytes.
+ * @param inputOffset The index in the input at which to start.
+ * @param inputLength The number of bytes to transform.
+ * @param output The output byte array.
+ * @param outputOffset The index in the output array at which to start.
+ * @return The number of transformed bytes stored in the output array.
+ * @throws javax.crypto.IllegalBlockSizeException If this instance has
+ * no padding and the input size is not a multiple of the
+ * block size.
+ * @throws javax.crypto.BadPaddingException If this instance is being
+ * used for decryption and the padding is not appropriate for
+ * this instance's padding scheme.
+ * @throws javax.crypto.ShortBufferException If there is not enough
+ * space in the output array for the transformed bytes.
+ */
+ protected abstract int
+ engineDoFinal(byte[] input, int inputOffset, int inputLength,
+ byte[] output, int outputOffset)
+ throws IllegalBlockSizeException, BadPaddingException, ShortBufferException;
+
+ /**
+ * Returns the block size of the underlying cipher.
+ *
+ * @return The block size.
+ */
+ protected abstract int engineGetBlockSize();
+
+ /**
+ * Returns the initializaiton vector this cipher was initialized with,
+ * if any.
+ *
+ * @return The IV, or null if this cipher uses no IV or if this
+ * instance has not been initialized yet.
+ */
+ protected abstract byte[] engineGetIV();
+
+ /**
+ * <p>Return the length of the given key in bits.</p>
+ *
+ * <p>For compatibility this method is not declared
+ * <code>abstract</code>, and the default implementation will throw an
+ * {@link java.lang.UnsupportedOperationException}. Concrete
+ * subclasses should override this method to return the correct
+ * value.</p>
+ *
+ * @param key The key to get the size for.
+ * @return The size of the key, in bits.
+ * @throws java.security.InvalidKeyException If the key's length
+ * cannot be determined by this implementation.
+ */
+ protected int engineGetKeySize(Key key) throws InvalidKeyException
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * <p>Returns the size, in bytes, an output buffer must be for a call
+ * to {@link #engineUpdate(byte[],int,int,byte[],int)} or {@link
+ * #engineDoFinal(byte[],int,int,byte[],int)} to succeed.</p>
+ *
+ * <p>The actual output length may be smaller than the value returned
+ * by this method, as it considers the padding length as well. The
+ * length considered is the argument plus the length of any buffered,
+ * unprocessed bytes.</p>
+ *
+ * @param inputLength The input length, in bytes.
+ * @return The size an output buffer must be.
+ */
+ protected abstract int engineGetOutputSize(int inputLength);
+
+ /**
+ * Returns the parameters that this cipher is using. This may be the
+ * parameters used to initialize this cipher, or it may be parameters
+ * that have been initialized with random values.
+ *
+ * @return This cipher's parameters, or <code>null</code> if this
+ * cipher does not use parameters.
+ */
+ protected abstract AlgorithmParameters engineGetParameters();
+
+ /**
+ * Initializes this cipher with an operation mode, key, and source of
+ * randomness. If this cipher requires any other initializing data,
+ * for example an initialization vector, then it should generate it
+ * from the provided source of randomness.
+ *
+ * @param opmode The operation mode, one of {@link
+ * Cipher#DECRYPT_MODE}, {@link Cipher#ENCRYPT_MODE}, {@link
+ * Cipher#UNWRAP_MODE}, or {@link Cipher#WRAP_MODE}.
+ * @param key The key to initialize this cipher with.
+ * @param random The source of random bytes to use.
+ * @throws java.security.InvalidKeyException If the given key is not
+ * acceptable for this implementation.
+ */
+ protected abstract void engineInit(int opmode, Key key, SecureRandom random)
+ throws InvalidKeyException;
+
+ /**
+ * Initializes this cipher with an operation mode, key, parameters,
+ * and source of randomness. If this cipher requires any other
+ * initializing data, for example an initialization vector, then it should
+ * generate it from the provided source of randomness.
+ *
+ * @param opmode The operation mode, one of {@link
+ * Cipher#DECRYPT_MODE}, {@link Cipher#ENCRYPT_MODE}, {@link
+ * Cipher#UNWRAP_MODE}, or {@link Cipher#WRAP_MODE}.
+ * @param key The key to initialize this cipher with.
+ * @param params The algorithm parameters to initialize with.
+ * @param random The source of random bytes to use.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * given parameters are not appropriate for this
+ * implementation.
+ * @throws java.security.InvalidKeyException If the given key is not
+ * acceptable for this implementation.
+ */
+ protected abstract void
+ engineInit(int opmode, Key key, AlgorithmParameters params,
+ SecureRandom random)
+ throws InvalidAlgorithmParameterException, InvalidKeyException;
+
+ /**
+ * Initializes this cipher with an operation mode, key, parameters,
+ * and source of randomness. If this cipher requires any other
+ * initializing data, for example an initialization vector, then it should
+ * generate it from the provided source of randomness.
+ *
+ * @param opmode The operation mode, one of {@link
+ * Cipher#DECRYPT_MODE}, {@link Cipher#ENCRYPT_MODE}, {@link
+ * Cipher#UNWRAP_MODE}, or {@link Cipher#WRAP_MODE}.
+ * @param key The key to initialize this cipher with.
+ * @param params The algorithm parameters to initialize with.
+ * @param random The source of random bytes to use.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * given parameters are not appropriate for this
+ * implementation.
+ * @throws java.security.InvalidKeyException If the given key is not
+ * acceptable for this implementation.
+ */
+ protected abstract void
+ engineInit(int opmode, Key key, AlgorithmParameterSpec params,
+ SecureRandom random)
+ throws InvalidAlgorithmParameterException, InvalidKeyException;
+
+ /**
+ * Set the mode in which this cipher is to run.
+ *
+ * @param mode The name of the mode to use.
+ * @throws java.security.NoSuchAlgorithmException If the mode is
+ * not supported by this cipher's provider.
+ */
+ protected abstract void engineSetMode(String mode)
+ throws NoSuchAlgorithmException;
+
+ /**
+ * Set the method with which the input is to be padded.
+ *
+ * @param padding The name of the padding to use.
+ * @throws javax.crypto.NoSuchPaddingException If the padding is not
+ * supported by this cipher's provider.
+ */
+ protected abstract void engineSetPadding(String padding)
+ throws NoSuchPaddingException;
+
+ /**
+ * <p>Unwraps a previously-wrapped key.</p>
+ *
+ * <p>For compatibility this method is not declared
+ * <code>abstract</code>, and the default implementation will throw an
+ * {@link java.lang.UnsupportedOperationException}.</p>
+ *
+ * @param wrappedKey The wrapped key.
+ * @param wrappedKeyAlgorithm The name of the algorithm used to wrap
+ * this key.
+ * @param wrappedKeyType The type of wrapped key; one of
+ * {@link Cipher#PRIVATE_KEY},
+ * {@link Cipher#PUBLIC_KEY}, or
+ * {@link Cipher#SECRET_KEY}.
+ * @return The unwrapped key.
+ * @throws java.security.InvalidKeyException If the key cannot be
+ * unwrapped, or if <code>wrappedKeyType</code> is an
+ * inappropriate type for the unwrapped key.
+ * @throws java.security.NoSuchAlgorithmException If the
+ * <code>wrappedKeyAlgorithm</code> is unknown.
+ */
+ protected Key engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm,
+ int wrappedKeyType)
+ throws InvalidKeyException, NoSuchAlgorithmException
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * Continue with a multi-part transformation, returning a new array of
+ * the transformed bytes.
+ *
+ * @param input The next input bytes.
+ * @param inputOffset The index in the input array from which to start.
+ * @param inputLength The number of bytes to input.
+ * @return The transformed bytes.
+ */
+ protected abstract byte[]
+ engineUpdate(byte[] input, int inputOffset, int inputLength);
+
+ /**
+ * Continue with a multi-part transformation, storing the transformed
+ * bytes into the specified array.
+ *
+ * @param input The next input bytes.
+ * @param inputOffset The index in the input from which to start.
+ * @param inputLength The number of bytes to input.
+ * @param output The output buffer.
+ * @param outputOffset The index in the output array from which to start.
+ * @return The transformed bytes.
+ * @throws javax.crypto.ShortBufferException If there is not enough
+ * space in the output array to store the transformed bytes.
+ */
+ protected abstract int
+ engineUpdate(byte[] input, int inputOffset, int inputLength,
+ byte[] output, int outputOffset)
+ throws ShortBufferException;
+
+ /**
+ * <p>Wrap a key.</p>
+ *
+ * <p>For compatibility this method is not declared
+ * <code>abstract</code>, and the default implementation will throw an
+ * {@link java.lang.UnsupportedOperationException}.</p>
+ *
+ * @param key The key to wrap.
+ * @return The wrapped key.
+ * @throws java.security.InvalidKeyException If the key cannot be
+ * wrapped.
+ */
+ protected byte[] engineWrap(Key key) throws InvalidKeyException, IllegalBlockSizeException
+ {
+ throw new UnsupportedOperationException();
+ }
+}
--- /dev/null
+/* EncryptedPrivateKeyInfo.java -- As in PKCS #8.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import gnu.java.security.OID;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+import java.io.IOException;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import java.security.AlgorithmParameters;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+
+/**
+ * An implementation of the <code>EncryptedPrivateKeyInfo</code> ASN.1
+ * type as specified in <a
+ * href="http://www.rsasecurity.com/rsalabs/pkcs/pkcs-8/">PKCS #8 -
+ * Private-Key Information Syntax Standard</a>.
+ *
+ * <p>The ASN.1 type <code>EncryptedPrivateKeyInfo</code> is:
+ *
+ * <blockquote>
+ * <pre>EncryptedPrivateKeyInfo ::= SEQUENCE {
+ * encryptionAlgorithm EncryptionAlgorithmIdentifier,
+ * encryptedData EncryptedData }
+ *
+ * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+ *
+ * EncrytpedData ::= OCTET STRING
+ *
+ * AlgorithmIdentifier ::= SEQUENCE {
+ * algorithm OBJECT IDENTIFIER,
+ * parameters ANY DEFINED BY algorithm OPTIONAL }</pre>
+ * </blockquote>
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see java.security.spec.PKCS8EncodedKeySpec
+ */
+public class EncryptedPrivateKeyInfo
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The encrypted data. */
+ private byte[] encryptedData;
+
+ /** The encoded, encrypted key. */
+ private byte[] encoded;
+
+ /** The OID of the encryption algorithm. */
+ private OID algOid;
+
+ /** The encryption algorithm's parameters. */
+ private AlgorithmParameters params;
+
+ /** The encoded ASN.1 algorithm parameters. */
+ private byte[] encodedParams;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new <code>EncryptedPrivateKeyInfo</code> object from raw
+ * encrypted data and the parameters used for encryption.
+ *
+ * <p>The <code>encryptedData</code> array is cloned.
+ *
+ * @param params The encryption algorithm parameters.
+ * @param encryptedData The encrypted key data.
+ * @throws java.lang.IllegalArgumentException If the
+ * <code>encryptedData</code> array is empty (zero-length).
+ * @throws java.security.NoSuchAlgorithmException If the algorithm
+ * specified in the parameters is not supported.
+ * @throws java.lang.NullPointerException If <code>encryptedData</code>
+ * is null.
+ */
+ public EncryptedPrivateKeyInfo(AlgorithmParameters params,
+ byte[] encryptedData)
+ throws IllegalArgumentException, NoSuchAlgorithmException
+ {
+ if (encryptedData.length == 0)
+ {
+ throw new IllegalArgumentException("0-length encryptedData");
+ }
+ this.params = params;
+ algOid = new OID(params.getAlgorithm());
+ this.encryptedData = (byte[]) encryptedData.clone();
+ }
+
+ /**
+ * Create a new <code>EncryptedPrivateKeyInfo</code> from an encoded
+ * representation, parsing the ASN.1 sequence.
+ *
+ * @param encoded The encoded info.
+ * @throws java.io.IOException If parsing the encoded data fails.
+ * @throws java.lang.NullPointerException If <code>encoded</code> is
+ * null.
+ */
+ public EncryptedPrivateKeyInfo(byte[] encoded)
+ throws IOException
+ {
+ this.encoded = (byte[]) encoded.clone();
+ decode();
+ }
+
+ /**
+ * Create a new <code>EncryptedPrivateKeyInfo</code> from the cipher
+ * name and the encrytpedData.
+ *
+ * <p>The <code>encryptedData</code> array is cloned.
+ *
+ * @param algName The name of the algorithm (as an object identifier).
+ * @param encryptedData The encrypted key data.
+ * @throws java.lang.IllegalArgumentException If the
+ * <code>encryptedData</code> array is empty (zero-length).
+ * @throws java.security.NoSuchAlgorithmException If algName is not
+ * the name of a supported algorithm.
+ * @throws java.lang.NullPointerException If <code>encryptedData</code>
+ * is null.
+ */
+ public EncryptedPrivateKeyInfo(String algName, byte[] encryptedData)
+ throws IllegalArgumentException, NoSuchAlgorithmException,
+ NullPointerException
+ {
+ if (encryptedData.length == 0)
+ {
+ throw new IllegalArgumentException("0-length encryptedData");
+ }
+ this.algOid = new OID(algName);
+ this.encryptedData = (byte[]) encryptedData.clone();
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Return the name of the cipher used to encrypt this key.
+ *
+ * @return The algorithm name.
+ */
+ public String getAlgName()
+ {
+ return algOid.toString();
+ }
+
+ public AlgorithmParameters getAlgParameters()
+ {
+ if (params == null && encodedParams != null)
+ {
+ try
+ {
+ params = AlgorithmParameters.getInstance(getAlgName());
+ params.init(encodedParams);
+ }
+ catch (NoSuchAlgorithmException ignore)
+ {
+ }
+ catch (IOException ignore)
+ {
+ }
+ }
+ return params;
+ }
+
+ public synchronized byte[] getEncoded() throws IOException
+ {
+ if (encoded == null) encode();
+ return (byte[]) encoded.clone();
+ }
+
+ public byte[] getEncryptedData()
+ {
+ return encryptedData;
+ }
+
+ public PKCS8EncodedKeySpec getKeySpec(Cipher cipher)
+ throws InvalidKeySpecException
+ {
+ try
+ {
+ return new PKCS8EncodedKeySpec(cipher.doFinal(encryptedData));
+ }
+ catch (Exception x)
+ {
+ throw new InvalidKeySpecException(x.toString());
+ }
+ }
+
+ // Own methods.
+ // -------------------------------------------------------------------------
+
+ private void decode() throws IOException
+ {
+ DERReader der = new DERReader(encoded);
+ DERValue val = der.read();
+ if (val.getTag() != DER.SEQUENCE)
+ throw new IOException("malformed EncryptedPrivateKeyInfo");
+ val = der.read();
+ if (val.getTag() != DER.SEQUENCE)
+ throw new IOException("malformed AlgorithmIdentifier");
+ int algpLen = val.getLength();
+ DERValue oid = der.read();
+ if (oid.getTag() != DER.OBJECT_IDENTIFIER)
+ throw new IOException("malformed AlgorithmIdentifier");
+ algOid = (OID) oid.getValue();
+ if (algpLen == 0)
+ {
+ val = der.read();
+ if (val.getTag() != 0)
+ {
+ encodedParams = val.getEncoded();
+ der.read();
+ }
+ }
+ else if (oid.getEncodedLength() < val.getLength())
+ {
+ val = der.read();
+ encodedParams = val.getEncoded();
+ }
+ val = der.read();
+ if (val.getTag() != DER.OCTET_STRING)
+ throw new IOException("malformed AlgorithmIdentifier");
+ encryptedData = (byte[]) val.getValue();
+ }
+
+ private void encode() throws IOException
+ {
+ List algId = new ArrayList(2);
+ algId.add(new DERValue(DER.OBJECT_IDENTIFIER, algOid));
+ getAlgParameters();
+ if (params != null)
+ {
+ algId.add(DERReader.read(params.getEncoded()));
+ }
+ List epki = new ArrayList(2);
+ epki.add(new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, algId));
+ epki.add(new DERValue(DER.OCTET_STRING, encryptedData));
+ encoded = new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, epki).getEncoded();
+ }
+}
--- /dev/null
+/* ExemptionMechanism.java -- Generic crypto-weakening mechanism.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.Security;
+import java.security.spec.AlgorithmParameterSpec;
+
+import gnu.java.security.Engine;
+
+/**
+ * An exemption mechanism, which will conditionally allow cryptography
+ * where it is not normally allowed, implements things such as <i>key
+ * recovery</i>, <i>key weakening</i>, or <i>key escrow</i>.
+ *
+ * <p><b>Implementation note</b>: this class is present for
+ * API-compatibility only; it is not actually used anywhere in this library
+ * and this library does not, in general, support crypto weakening.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class ExemptionMechanism
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ private static final String SERVICE = "ExemptionMechanism";
+ private ExemptionMechanismSpi emSpi;
+ private Provider provider;
+ private String mechanism;
+ private boolean virgin;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ protected ExemptionMechanism(ExemptionMechanismSpi emSpi, Provider provider,
+ String mechanism)
+ {
+ this.emSpi = emSpi;
+ this.provider = provider;
+ this.mechanism = mechanism;
+ virgin = true;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ public static final ExemptionMechanism getInstance(String mechanism)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] provs = Security.getProviders();
+ String msg = "";
+ for (int i = 0; i < provs.length; i++)
+ {
+ try
+ {
+ return getInstance(mechanism, provs[i]);
+ }
+ catch (NoSuchAlgorithmException nsae)
+ {
+ msg = nsae.getMessage();
+ }
+ }
+ throw new NoSuchAlgorithmException(msg);
+ }
+
+ public static final ExemptionMechanism getInstance(String mechanism,
+ String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ {
+ throw new NoSuchProviderException(provider);
+ }
+ return getInstance(mechanism, p);
+ }
+
+ public static final ExemptionMechanism getInstance(String mechanism,
+ Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ try
+ {
+ return new ExemptionMechanism((ExemptionMechanismSpi)
+ Engine.getInstance(SERVICE, mechanism, provider),
+ provider, mechanism);
+ }
+ catch (InvocationTargetException ite)
+ {
+ if (ite.getCause() instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) ite.getCause();
+ else
+ throw new NoSuchAlgorithmException(mechanism);
+ }
+ catch (ClassCastException cce)
+ {
+ throw new NoSuchAlgorithmException(mechanism);
+ }
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ public final byte[] genExemptionBlob()
+ throws IllegalStateException, ExemptionMechanismException
+ {
+ if (virgin)
+ {
+ throw new IllegalStateException("not initialized");
+ }
+ return emSpi.engineGenExemptionBlob();
+ }
+
+ public final int genExemptionBlob(byte[] output)
+ throws IllegalStateException, ExemptionMechanismException,
+ ShortBufferException
+ {
+ return genExemptionBlob(output, 0);
+ }
+
+ public final int genExemptionBlob(byte[] output, int outputOffset)
+ throws IllegalStateException, ExemptionMechanismException,
+ ShortBufferException
+ {
+ if (virgin)
+ {
+ throw new IllegalStateException("not initialized");
+ }
+ return emSpi.engineGenExemptionBlob(output, outputOffset);
+ }
+
+ public final String getName()
+ {
+ return mechanism;
+ }
+
+ public final int getOutputSize(int inputLength) throws IllegalStateException
+ {
+ if (virgin)
+ {
+ throw new IllegalStateException("not initialized");
+ }
+ return emSpi.engineGetOutputSize(inputLength);
+ }
+
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ public final void init(Key key)
+ throws ExemptionMechanismException, InvalidKeyException
+ {
+ emSpi.engineInit(key);
+ virgin = false;
+ }
+
+ public final void init(Key key, AlgorithmParameters params)
+ throws ExemptionMechanismException, InvalidAlgorithmParameterException,
+ InvalidKeyException
+ {
+ emSpi.engineInit(key, params);
+ virgin = false;
+ }
+
+ public final void init(Key key, AlgorithmParameterSpec params)
+ throws ExemptionMechanismException, InvalidAlgorithmParameterException,
+ InvalidKeyException
+ {
+ emSpi.engineInit(key, params);
+ virgin = false;
+ }
+
+ public final boolean isCryptoAllowed(Key key)
+ throws ExemptionMechanismException
+ {
+ return true;
+ }
+}
--- /dev/null
+/* ExemptionMechanismException -- An error in an exemption mechanism.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License along
+with GNU Classpath; if not, write to the
+
+ Free Software Foundation, Inc.,
+ 59 Temple Place, Suite 330,
+ Boston, MA 02111-1307
+ USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under terms
+of your choice, provided that you also meet, for each linked independent
+module, the terms and conditions of the license of that module. An
+independent module is a module which is not derived from or based on
+this library. If you modify this library, you may extend this exception
+to your version of the library, but you are not obligated to do so. If
+you do not wish to do so, delete this exception statement from your
+version. */
+
+
+package javax.crypto;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * Signals a general exception in an {@link ExemptionMechanism}.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class ExemptionMechanismException extends GeneralSecurityException
+{
+
+ // Constant.
+ // ------------------------------------------------------------------------
+
+ /** Compatible with JDK1.4. */
+ private static final long serialVersionUID = 1572699429277957109L;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new exception with no detail message.
+ */
+ public ExemptionMechanismException()
+ {
+ super();
+ }
+
+ /**
+ * Create a new exception with a detail message.
+ *
+ * @param message The detail message.
+ */
+ public ExemptionMechanismException(String message)
+ {
+ super(message);
+ }
+}
--- /dev/null
+/* ExemptionMechanismSpi.java -- Exemption mechanism service provider interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * The <i>Service Provider Interface</i> (<b>SPI</b>) for the {@link
+ * ExemptionMechanism} class.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public abstract class ExemptionMechanismSpi
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new exemption mechanism SPI.
+ */
+ public ExemptionMechanismSpi()
+ {
+ }
+
+ // Abstract instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Return a key blob for the key that this mechanism was initialized
+ * with.
+ *
+ * @return The key blob.
+ * @throws javax.crypto.ExemptionMechanismException If generating the
+ * blob fails.
+ */
+ protected abstract byte[] engineGenExemptionBlob()
+ throws ExemptionMechanismException;
+
+ /**
+ * Generate a key blob for the key that this mechanism was initialized
+ * with, storing it into the given byte array.
+ *
+ * @param output The destination for the key blob.
+ * @param outputOffset The index in the output array to start.
+ * @return The size of the key blob.
+ * @throws javax.crypto.ExemptionMechanismException If generating the
+ * blob fails.
+ * @throws javax.crypto.ShortBufferException If the output array is
+ * not large enough for the key blob.
+ */
+ protected abstract int engineGenExemptionBlob(byte[] output, int outputOffset)
+ throws ExemptionMechanismException, ShortBufferException;
+
+ /**
+ * Get the size of the output blob given an input key size. The actual
+ * blob may be shorter than the value returned by this method. Both
+ * values are in bytes.
+ *
+ * @param inputLength The input size.
+ * @return The output size.
+ */
+ protected abstract int engineGetOutputSize(int inputLength);
+
+ /**
+ * Initialize this mechanism with a key.
+ *
+ * @param key The key.
+ * @throws javax.crypto.ExemptionMechanismException If generating the
+ * blob fails.
+ * @throws java.security.InvalidKeyException If the supplied key
+ * cannot be used.
+ */
+ protected abstract void engineInit(Key key)
+ throws ExemptionMechanismException, InvalidKeyException;
+
+ /**
+ * Initialize this mechanism with a key and parameters.
+ *
+ * @param key The key.
+ * @param params The parameters.
+ * @throws javax.crypto.ExemptionMechanismException If generating the
+ * blob fails.
+ * @throws java.security.InvalidAlgorithmParameterExceptin If the
+ * supplied parameters are inappropriate.
+ * @throws java.security.InvalidKeyException If the supplied key
+ * cannot be used.
+ */
+ protected abstract void engineInit(Key key, AlgorithmParameters params)
+ throws ExemptionMechanismException, InvalidAlgorithmParameterException,
+ InvalidKeyException;
+
+ /**
+ * Initialize this mechanism with a key and parameters.
+ *
+ * @param key The key.
+ * @param params The parameters.
+ * @throws javax.crypto.ExemptionMechanismException If generating the
+ * blob fails.
+ * @throws java.security.InvalidAlgorithmParameterExceptin If the
+ * supplied parameters are inappropriate.
+ * @throws java.security.InvalidKeyException If the supplied key
+ * cannot be used.
+ */
+ protected abstract void engineInit(Key key, AlgorithmParameterSpec params)
+ throws ExemptionMechanismException, InvalidAlgorithmParameterException,
+ InvalidKeyException;
+}
--- /dev/null
+/* IllegalBlockSizeException.java -- Signals illegal block sizes.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * This exception is thrown when finishing encryption without padding or
+ * decryption and the input is not a multiple of the cipher's block
+ * size.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public class IllegalBlockSizeException extends GeneralSecurityException
+{
+
+ // Constant.
+ // ------------------------------------------------------------------------
+
+ /** Serialization constant. */
+ private static final long serialVersionUID = -1965144811953540392L;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ public IllegalBlockSizeException()
+ {
+ super();
+ }
+
+ public IllegalBlockSizeException(String message)
+ {
+ super(message);
+ }
+}
--- /dev/null
+/* KeyAgreement.java -- Engine for key agreement methods.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.spec.AlgorithmParameterSpec;
+
+import gnu.java.security.Engine;
+
+/**
+ * Key agreement is a method in which two or more parties may agree on a
+ * secret key for symmetric cryptography or message authentication
+ * without transmitting any secrets in the clear. Key agreement
+ * algorithms typically use a public/private <i>key pair</i>, and the
+ * public key (along with some additional information) is sent across
+ * untrusted networks.
+ *
+ * <p>The most common form of key agreement used today is the
+ * <i>Diffie-Hellman key exchange algorithm</i>, described in <a
+ * href="http://www.rsasecurity.com/rsalabs/pkcs/pkcs-3/">PKCS #3 -
+ * Diffie Hellman Key Agreement Standard</a>.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see KeyGenerator
+ * @see SecretKey
+ */
+public class KeyAgreement
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ private static final String SERVICE = "KeyAgreement";
+
+ /** The underlying key agreement implementation. */
+ private KeyAgreementSpi kaSpi;
+
+ /** The provider of this implementation. */
+ private Provider provider;
+
+ /** The name of this instance's algorithm. */
+ private String algorithm;
+
+ /** Singnals whether or not this instance has been initialized. */
+ private boolean virgin;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ protected KeyAgreement(KeyAgreementSpi kaSpi, Provider provider,
+ String algorithm)
+ {
+ this.kaSpi = kaSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ virgin = true;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get an implementation of an algorithm from the first provider that
+ * implements it.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @return The proper KeyAgreement instacne, if found.
+ * @throws java.security.NoSuchAlgorithmException If the specified
+ * algorithm is not implemented by any installed provider.
+ */
+ public static final KeyAgreement getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] provs = Security.getProviders();
+ String msg = algorithm;
+ for (int i = 0; i < provs.length; i++)
+ {
+ try
+ {
+ return getInstance(algorithm, provs[i]);
+ }
+ catch (NoSuchAlgorithmException nsae)
+ {
+ msg = nsae.getMessage();
+ }
+ }
+ throw new NoSuchAlgorithmException(msg);
+ }
+
+ /**
+ * Get an implementation of an algorithm from a named provider.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @param provider The name of the provider from which to get the
+ * implementation.
+ * @return The proper KeyAgreement instance, if found.
+ * @throws java.security.NoSuchAlgorithmException If the named provider
+ * does not implement the algorithm.
+ * @throws java.security.NoSuchProviderException If the named provider
+ * does not exist.
+ */
+ public static final KeyAgreement getInstance(String algorithm,
+ String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ {
+ throw new NoSuchProviderException(provider);
+ }
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Get an implementation of an algorithm from a specific provider.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @param provider The provider from which to get the implementation.
+ * @return The proper KeyAgreement instance, if found.
+ * @throws java.security.NoSuchAlgorithmException If this provider
+ * does not implement the algorithm.
+ */
+ public static final KeyAgreement getInstance(String algorithm,
+ Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ try
+ {
+ return new KeyAgreement((KeyAgreementSpi)
+ Engine.getInstance(SERVICE, algorithm, provider),
+ provider, algorithm);
+ }
+ catch (InvocationTargetException ite)
+ {
+ if (ite.getCause() == null)
+ throw new NoSuchAlgorithmException(algorithm);
+ if (ite.getCause() instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) ite.getCause();
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ catch (ClassCastException cce)
+ {
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Do a phase in the key agreement. The number of times this method is
+ * called depends upon the algorithm and the number of parties
+ * involved, but must be called at least once with the
+ * <code>lastPhase</code> flag set to <code>true</code>.
+ *
+ * @param key The key for this phase.
+ * @param lastPhase Should be <code>true</code> if this will be the
+ * last phase before generating the shared secret.
+ * @return The intermediate result, or <code>null</code> if there is
+ * no intermediate result.
+ * @throws java.lang.IllegalStateException If this instance has not
+ * been initialized.
+ * @throws java.security.InvalidKeyException If the key is
+ * inappropriate for this algorithm.
+ */
+ public final Key doPhase(Key key, boolean lastPhase)
+ throws IllegalStateException, InvalidKeyException
+ {
+ if (virgin)
+ {
+ throw new IllegalStateException("not initialized");
+ }
+ return kaSpi.engineDoPhase(key, lastPhase);
+ }
+
+ /**
+ * Generate the shared secret in a new byte array.
+ *
+ * @return The shared secret.
+ * @throws java.lang.IllegalStateException If this instnace has not
+ * been initialized, or if not enough calls to
+ * <code>doPhase</code> have been made.
+ */
+ public final byte[] generateSecret() throws IllegalStateException
+ {
+ if (virgin)
+ {
+ throw new IllegalStateException("not initialized");
+ }
+ return kaSpi.engineGenerateSecret();
+ }
+
+ /**
+ * Generate the shared secret and store it into the supplied array.
+ *
+ * @param sharedSecret The array in which to store the secret.
+ * @param offset The index in <code>sharedSecret</code> to start
+ * storing data.
+ * @return The length of the shared secret, in bytes.
+ * @throws java.lang.IllegalStateException If this instnace has not
+ * been initialized, or if not enough calls to
+ * <code>doPhase</code> have been made.
+ * @throws javax.crypto.ShortBufferException If the supplied array is
+ * not large enough to store the result.
+ */
+ public final int generateSecret(byte[] sharedSecret, int offset)
+ throws IllegalStateException, ShortBufferException
+ {
+ if (virgin)
+ {
+ throw new IllegalStateException("not initialized");
+ }
+ return kaSpi.engineGenerateSecret(sharedSecret, offset);
+ }
+
+ /**
+ * Generate the shared secret and return it as an appropriate {@link
+ * SecretKey}.
+ *
+ * @param algorithm The secret key's algorithm.
+ * @return The shared secret as a secret key.
+ * @throws java.lang.IllegalStateException If this instnace has not
+ * been initialized, or if not enough calls to
+ * <code>doPhase</code> have been made.
+ * @throws java.security.InvalidKeyException If the shared secret
+ * cannot be used to make a {@link SecretKey}.
+ * @throws java.security.NoSuchAlgorithmException If the specified
+ * algorithm does not exist.
+ */
+ public final SecretKey generateSecret(String algorithm)
+ throws IllegalStateException, InvalidKeyException, NoSuchAlgorithmException
+ {
+ if (virgin)
+ {
+ throw new IllegalStateException("not initialized");
+ }
+ return kaSpi.engineGenerateSecret(algorithm);
+ }
+
+ /**
+ * Return the name of this key-agreement algorithm.
+ *
+ * @return The algorithm name.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Return the provider of the underlying implementation.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Initialize this key agreement with a key. This method will use the
+ * highest-priority {@link java.security.SecureRandom} as its source
+ * of randomness.
+ *
+ * @param key The key, usually the user's private key.
+ * @throws java.security.InvalidKeyException If the supplied key is
+ * not appropriate.
+ */
+ public final void init(Key key) throws InvalidKeyException
+ {
+ init(key, new SecureRandom());
+ }
+
+ /**
+ * Initialize this key agreement with a key and a source of
+ * randomness.
+ *
+ * @param key The key, usually the user's private key.
+ * @param random The source of randomness.
+ * @throws java.security.InvalidKeyException If the supplied key is
+ * not appropriate.
+ */
+ public final void init(Key key, SecureRandom random)
+ throws InvalidKeyException
+ {
+ kaSpi.engineInit(key, random);
+ virgin = false; // w00t!
+ }
+
+ /**
+ * Initialize this key agreement with a key and parameters. This
+ * method will use the highest-priority {@link
+ * java.security.SecureRandom} as its source of randomness.
+ *
+ * @param key The key, usually the user's private key.
+ * @param params The algorithm parameters.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * supplied parameters are not appropriate.
+ * @throws java.security.InvalidKeyException If the supplied key is
+ * not appropriate.
+ */
+ public final void init(Key key, AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException, InvalidKeyException
+ {
+ init(key, params, new SecureRandom());
+ }
+
+ /**
+ * Initialize this key agreement with a key, parameters, and source of
+ * randomness.
+ *
+ * @param key The key, usually the user's private key.
+ * @param params The algorithm parameters.
+ * @param random The source of randomness.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * supplied parameters are not appropriate.
+ * @throws java.security.InvalidKeyException If the supplied key is
+ * not appropriate.
+ */
+ public final void init(Key key, AlgorithmParameterSpec params,
+ SecureRandom random)
+ throws InvalidAlgorithmParameterException, InvalidKeyException
+ {
+ kaSpi.engineInit(key, params, random);
+ virgin = false; // w00t!
+ }
+}
--- /dev/null
+/* KeyAgreementSpi.java -- The key agreement service provider interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * This is the <i>Service Provider Interface</i> (<b>SPI</b>) for the
+ * {@link javax.crypto.KeyAgreement} class.
+ *
+ * <p>Providers wishing to implement a key agreement algorithm must
+ * subclass this and provide an appropriate implementation for all the
+ * abstract methods below, and provide an appropriate entry in the
+ * master {@link java.security.Provider} class (the service name for key
+ * agreement algorithms is <code>"KeyAgreement"</code>).
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see KeyAgreement
+ * @see SecretKey
+ */
+public abstract class KeyAgreementSpi
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new KeyAgreementSpi instance.
+ */
+ public KeyAgreementSpi()
+ {
+ }
+
+ // Abstract instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Do a phase in the key agreement.
+ *
+ * @param key The key to use for this phase.
+ * @param lastPhase <code>true</code> if this call should be the last
+ * phase.
+ * @return The intermediate result, or <code>null</code> if there is
+ * no intermediate result.
+ * @throws java.lang.IllegalStateException If this instance has not
+ * been initialized.
+ * @throws java.security.InvalidKeyException If the supplied key is
+ * not appropriate.
+ */
+ protected abstract Key engineDoPhase(Key key, boolean lastPhase)
+ throws IllegalStateException, InvalidKeyException;
+
+ /**
+ * Generate the shared secret in a new byte array.
+ *
+ * @return The shared secret in a new byte array.
+ * @throws java.lang.IllegalStateException If this key agreement is
+ * not ready to generate the secret.
+ */
+ protected abstract byte[] engineGenerateSecret()
+ throws IllegalStateException;
+
+ /**
+ * Generate the shared secret, storing it into the specified array.
+ *
+ * @param sharedSecret The byte array in which to store the secret.
+ * @param offset The offset into the byte array to start.
+ * @return The size of the shared secret.
+ * @throws java.lang.IllegalStateException If this key agreement is
+ * not ready to generate the secret.
+ * @throws javax.crypto.ShortBufferException If there is not enough
+ * space in the supplied array for the shared secret.
+ */
+ protected abstract int engineGenerateSecret(byte[] sharedSecret, int offset)
+ throws IllegalStateException, ShortBufferException;
+
+ /**
+ * Generate the shared secret and return it as a {@link SecretKey}.
+ *
+ * @param algorithm The algorithm with which to generate the secret key.
+ * @return The shared secret as a secret key.
+ * @throws java.lang.IllegalStateException If this key agreement is
+ * not ready to generate the secret.
+ * @throws java.security.InvalidKeyException If the shared secret
+ * cannot be made into a {@link SecretKey}.
+ * @throws java.security.NoSuchAlgorithmException If
+ * <code>algorithm</code> cannot be found.
+ */
+ protected abstract SecretKey engineGenerateSecret(String algorithm)
+ throws IllegalStateException, InvalidKeyException, NoSuchAlgorithmException;
+
+ /**
+ * Initialize this key agreement with a key, parameters, and source of
+ * randomness.
+ *
+ * @param key The key to initialize with, usually a private key.
+ * @param params The parameters to initialize with.
+ * @param random The source of randomness to use.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * supplied parameters are inappropriate.
+ * @throws java.security.InvalidKeyException If the supplied key is
+ * inappropriate.
+ */
+ protected abstract void engineInit(Key key, AlgorithmParameterSpec params,
+ SecureRandom random)
+ throws InvalidAlgorithmParameterException, InvalidKeyException;
+
+ /**
+ * Initialize this key agreement with a key and source of randomness.
+ *
+ * @param key The key to initialize with, usually a private key.
+ * @param random The source of randomness to use.
+ * @throws java.security.InvalidKeyException If the supplied key is
+ * inappropriate.
+ */
+ protected abstract void engineInit(Key key, SecureRandom random)
+ throws InvalidKeyException;
+}
--- /dev/null
+/* KeyGenerator.java -- Interface to a symmetric key generator.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.spec.AlgorithmParameterSpec;
+
+import gnu.java.security.Engine;
+
+/**
+ * A generic producer of keys for symmetric cryptography. The keys
+ * returned may be simple wrappers around byte arrays, or, if the
+ * target cipher requires them, more complex objects.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see Cipher
+ * @see Mac
+ */
+public class KeyGenerator
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ private static final String SERVICE = "KeyGenerator";
+
+ /** The underlying generator implementation. */
+ private KeyGeneratorSpi kgSpi;
+
+ /** The provider of the implementation. */
+ private Provider provider;
+
+ /** The name of the algorithm. */
+ private String algorithm;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new key generator.
+ *
+ * @param kgSpi The underlying generator.
+ * @param provider The provider of this implementation.
+ * @param algorithm The algorithm's name.
+ */
+ protected KeyGenerator(KeyGeneratorSpi kgSpi, Provider provider,
+ String algorithm)
+ {
+ this.kgSpi = kgSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new key generator, returning the first available
+ * implementation.
+ *
+ * @param algorithm The generator algorithm name.
+ * @throws java.security.NoSuchAlgorithmException If the specified
+ * algorithm does not exist.
+ */
+ public static final KeyGenerator getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] provs = Security.getProviders();
+ String msg = algorithm;
+ for (int i = 0; i < provs.length; i++)
+ {
+ try
+ {
+ return getInstance(algorithm, provs[i]);
+ }
+ catch (NoSuchAlgorithmException nsae)
+ {
+ msg = nsae.getMessage();
+ }
+ }
+ throw new NoSuchAlgorithmException(msg);
+ }
+
+ /**
+ * Create a new key generator from the named provider.
+ *
+ * @param algorithm The generator algorithm name.
+ * @param provider The name of the provider to use.
+ * @return An appropriate key generator, if found.
+ * @throws java.security.NoSuchAlgorithmException If the specified
+ * algorithm is not implemented by the named provider.
+ * @throws java.security.NoSuchProviderException If the named provider
+ * does not exist.
+ */
+ public static final KeyGenerator getInstance(String algorithm, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ {
+ throw new NoSuchProviderException(provider);
+ }
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Create a new key generator from the supplied provider.
+ *
+ * @param algorithm The generator algorithm name.
+ * @param provider The provider to use.
+ * @return An appropriate key generator, if found.
+ * @throws java.security.NoSuchAlgorithmException If the specified
+ * algorithm is not implemented by the provider.
+ */
+ public static final KeyGenerator getInstance(String algorithm, Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ try
+ {
+ return new KeyGenerator((KeyGeneratorSpi)
+ Engine.getInstance(SERVICE, algorithm, provider),
+ provider, algorithm);
+ }
+ catch (InvocationTargetException ite)
+ {
+ if (ite.getCause() == null)
+ throw new NoSuchAlgorithmException(algorithm);
+ if (ite.getCause() instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) ite.getCause();
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ catch (ClassCastException cce)
+ {
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Generate a key.
+ *
+ * @return The new key.
+ */
+ public final SecretKey generateKey()
+ {
+ return kgSpi.engineGenerateKey();
+ }
+
+ /**
+ * Return the name of this key generator.
+ *
+ * @return The algorithm name.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Return the provider of the underlying implementation.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Initialize this key generator with a set of parameters; the
+ * highest-priority {@link java.security.SecureRandom} implementation
+ * will be used.
+ *
+ * @param params The algorithm parameters.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * supplied parameters are inapproprate.
+ */
+ public final void init(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException
+ {
+ init(params, new SecureRandom());
+ }
+
+ /**
+ * Initialize this key generator with a set of parameters and a source
+ * of randomness.
+ *
+ * @param params The algorithm parameters.
+ * @param random The source of randomness.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * supplied parameters are inapproprate.
+ */
+ public final void init(AlgorithmParameterSpec params, SecureRandom random)
+ throws InvalidAlgorithmParameterException
+ {
+ kgSpi.engineInit(params, random);
+ }
+
+ /**
+ * Initialize this key generator with a key size (in bits); the
+ * highest-priority {@link java.security.SecureRandom} implementation
+ * will be used.
+ *
+ * @param keySize The target key size, in bits.
+ * @throws java.security.InvalidParameterException If the
+ * key size is unsupported.
+ */
+ public final void init(int keySize)
+ {
+ init(keySize, new SecureRandom());
+ }
+
+ /**
+ * Initialize this key generator with a key size (in bits) and a
+ * source of randomness.
+ *
+ * @param keySize The target key size, in bits.
+ * @param random The source of randomness.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * key size is unsupported.
+ */
+ public final void init(int keySize, SecureRandom random)
+ {
+ kgSpi.engineInit(keySize, random);
+ }
+
+ /**
+ * Initialize this key generator with a source of randomness. The
+ * implementation-specific default parameters (such as key size) will
+ * be used.
+ *
+ * @param random The source of randomness.
+ */
+ public final void init(SecureRandom random)
+ {
+ kgSpi.engineInit(random);
+ }
+}
--- /dev/null
+/* KeyGeneratorSpi.java -- The key generator service provider interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * The <i>Service Provider Interface</i> (<b>SPI</b>) for the {@link
+ * KeyGenerator} class.
+ *
+ * <p>Providers wishing to implement a key generator must subclass this
+ * and provide an appropriate implementation for all the abstract
+ * methods below, and provide an appropriate entry in the master {@link
+ * java.security.Provider} class (the service name for key generators is
+ * <code>"KeyGenerator"</code>).
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see KeyGenerator
+ */
+public abstract class KeyGeneratorSpi
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /** Create a new key generator SPI. */
+ public KeyGeneratorSpi()
+ {
+ }
+
+ // Abstract instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Generate a key, returning it as a {@link SecretKey}.
+ *
+ * @return The generated key.
+ */
+ protected abstract SecretKey engineGenerateKey();
+
+ /**
+ * Initialize this key generator with parameters and a source of
+ * randomness.
+ *
+ * @param params The parameters.
+ * @param random The source of randomness.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * parameters are inappropriate for this instance.
+ */
+ protected abstract void engineInit(AlgorithmParameterSpec params,
+ SecureRandom random)
+ throws InvalidAlgorithmParameterException;
+
+ /**
+ * Initialize this key generator with a key size (in bits) and a
+ * source of randomness.
+ *
+ * @param keySize The target key size, in bits.
+ * @param random The source of randomness.
+ * @throws java.security.InvalidParameterException If the
+ * key size is illogical or unsupported.
+ */
+ protected abstract void engineInit(int keySize, SecureRandom random);
+
+ /**
+ * Initialize this key generator with a source of randomness; the
+ * implementation should use reasonable default parameters (such as
+ * generated key size).
+ *
+ * @param random The source of randomness.
+ */
+ protected abstract void engineInit(SecureRandom random);
+}
--- /dev/null
+/* Mac.java -- The message authentication code interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.Security;
+import java.security.spec.AlgorithmParameterSpec;
+
+import gnu.java.security.Engine;
+
+/**
+ * This class implements a "message authentication code" (MAC), a method
+ * to ensure the integrity of data transmitted between two parties who
+ * share a common secret key.
+ *
+ * <p>The best way to describe a MAC is as a <i>keyed one-way hash
+ * function</i>, which looks like:
+ *
+ * <blockquote><p><code>D = MAC(K, M)</code></blockquote>
+ *
+ * <p>where <code>K</code> is the key, <code>M</code> is the message,
+ * and <code>D</code> is the resulting digest. One party will usually
+ * send the concatenation <code>M || D</code> to the other party, who
+ * will then verify <code>D</code> by computing <code>D'</code> in a
+ * similar fashion. If <code>D == D'</code>, then the message is assumed
+ * to be authentic.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public class Mac implements Cloneable
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ private static final String SERVICE = "Mac";
+
+ /** The underlying MAC implementation. */
+ private MacSpi macSpi;
+
+ /** The provider we got our implementation from. */
+ private Provider provider;
+
+ /** The name of the algorithm. */
+ private String algorithm;
+
+ /** Whether or not we've been initialized. */
+ private boolean virgin;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new Mac instance.
+ *
+ * @param macSpi The underlying MAC implementation.
+ * @param provider The provider of this implementation.
+ * @param algorithm The name of this MAC algorithm.
+ */
+ protected Mac(MacSpi macSpi, Provider provider, String algorithm)
+ {
+ this.macSpi = macSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ virgin = true;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get an instance of the named algorithm from the first provider with
+ * an appropriate implementation.
+ *
+ * @param algorithm The name of the algorithm.
+ * @return An appropriate Mac instance, if the specified algorithm
+ * is implemented by a provider.
+ * @throws java.security.NoSuchAlgorithmException If no implementation
+ * of the named algorithm is installed.
+ */
+ public static final Mac getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] provs = Security.getProviders();
+ String msg = "";
+ for (int i = 0; i < provs.length; i++)
+ {
+ try
+ {
+ return getInstance(algorithm, provs[i]);
+ }
+ catch (NoSuchAlgorithmException nsae)
+ {
+ msg = nsae.getMessage();
+ }
+ }
+ throw new NoSuchAlgorithmException(msg);
+ }
+
+ /**
+ * Get an instance of the named algorithm from the named provider.
+ *
+ * @param algorithm The name of the algorithm.
+ * @param provider The name of the provider.
+ * @return An appropriate Mac instance, if the specified algorithm is
+ * implemented by the named provider.
+ * @throws java.security.NoSuchAlgorithmException If the named provider
+ * has no implementation of the algorithm.
+ * @throws java.security.NoSuchProviderException If the named provider
+ * does not exist.
+ */
+ public static final Mac getInstance(String algorithm, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ {
+ throw new NoSuchProviderException(provider);
+ }
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Get an instance of the named algorithm from a provider.
+ *
+ * @param algorithm The name of the algorithm.
+ * @param provider The provider.
+ * @return An appropriate Mac instance, if the specified algorithm is
+ * implemented by the provider.
+ * @throws java.security.NoSuchAlgorithmException If the provider
+ * has no implementation of the algorithm.
+ */
+ public static final Mac getInstance(String algorithm, Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ try
+ {
+ return new Mac((MacSpi) Engine.getInstance(SERVICE, algorithm, provider),
+ provider, algorithm);
+ }
+ catch (InvocationTargetException ite)
+ {
+ if (ite.getCause() == null)
+ throw new NoSuchAlgorithmException(algorithm);
+ if (ite.getCause() instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) ite.getCause();
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ catch (ClassCastException cce)
+ {
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Finishes the computation of a MAC and returns the digest.
+ *
+ * <p>After this method succeeds, it may be used again as just after a
+ * call to <code>init</code>, and can compute another MAC using the
+ * same key and parameters.
+ *
+ * @return The message authentication code.
+ * @throws java.lang.IllegalStateException If this instnace has not
+ * been initialized.
+ */
+ public final byte[] doFinal() throws IllegalStateException
+ {
+ if (virgin)
+ {
+ throw new IllegalStateException("not initialized");
+ }
+ byte[] digest = macSpi.engineDoFinal();
+ reset();
+ return digest;
+ }
+
+ /**
+ * Finishes the computation of a MAC with a final byte array (or
+ * computes a MAC over those bytes only) and returns the digest.
+ *
+ * <p>After this method succeeds, it may be used again as just after a
+ * call to <code>init</code>, and can compute another MAC using the
+ * same key and parameters.
+ *
+ * @param input The bytes to add.
+ * @return The message authentication code.
+ * @throws java.lang.IllegalStateException If this instnace has not
+ * been initialized.
+ */
+ public final byte[] doFinal(byte[] input) throws IllegalStateException
+ {
+ update(input);
+ byte[] digest = macSpi.engineDoFinal();
+ reset();
+ return digest;
+ }
+
+ /**
+ * Finishes the computation of a MAC and places the result into the
+ * given array.
+ *
+ * <p>After this method succeeds, it may be used again as just after a
+ * call to <code>init</code>, and can compute another MAC using the
+ * same key and parameters.
+ *
+ * @param output The destination for the result.
+ * @param outOffset The index in the output array to start.
+ * @return The message authentication code.
+ * @throws java.lang.IllegalStateException If this instnace has not
+ * been initialized.
+ * @throws javax.crypto.ShortBufferException If <code>output</code> is
+ * not large enough to hold the result.
+ */
+ public final void doFinal(byte[] output, int outOffset)
+ throws IllegalStateException, ShortBufferException
+ {
+ if (virgin)
+ {
+ throw new IllegalStateException("not initialized");
+ }
+ if (output.length - outOffset < getMacLength())
+ {
+ throw new ShortBufferException();
+ }
+ byte[] mac = macSpi.engineDoFinal();
+ System.arraycopy(mac, 0, output, outOffset, getMacLength());
+ reset();
+ }
+
+ /**
+ * Returns the name of this MAC algorithm.
+ *
+ * @return The MAC name.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Get the size of the MAC. This is the size of the array returned by
+ * {@link #doFinal()} and {@link #doFinal(byte[])}, and the minimum
+ * number of bytes that must be available in the byte array passed to
+ * {@link #doFinal(byte[],int)}.
+ *
+ * @return The MAC length.
+ */
+ public int getMacLength()
+ {
+ return macSpi.engineGetMacLength();
+ }
+
+ /**
+ * Get the provider of the underlying implementation.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Initialize this MAC with a key and no parameters.
+ *
+ * @param key The key to initialize this instance with.
+ * @throws java.security.InvalidKeyException If the key is
+ * unacceptable.
+ */
+ public final void init(Key key) throws InvalidKeyException
+ {
+ try
+ {
+ init(key, null);
+ }
+ catch (InvalidAlgorithmParameterException iape)
+ {
+ throw new IllegalArgumentException(algorithm + " needs parameters");
+ }
+ }
+
+ /**
+ * Initialize this MAC with a key and parameters.
+ *
+ * @param key The key to initialize this instance with.
+ * @param params The algorithm-specific parameters.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * algorithm parameters are unacceptable.
+ * @throws java.security.InvalidKeyException If the key is
+ * unacceptable.
+ */
+ public final void init(Key key, AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException, InvalidKeyException
+ {
+ macSpi.engineInit(key, params);
+ virgin = false; // w00t!
+ }
+
+ /**
+ * Reset this instance. A call to this method returns this instance
+ * back to the state it was in just after it was initialized.
+ */
+ public final void reset()
+ {
+ macSpi.engineReset();
+ }
+
+ /**
+ * Update the computation with a single byte.
+ *
+ * @param input The next byte.
+ * @throws java.lang.IllegalStateException If this instance has not
+ * been initialized.
+ */
+ public final void update(byte input) throws IllegalStateException
+ {
+ if (virgin)
+ {
+ throw new IllegalStateException("not initialized");
+ }
+ macSpi.engineUpdate(input);
+ }
+
+ /**
+ * Update the computation with a byte array.
+ *
+ * @param input The next bytes.
+ * @throws java.lang.IllegalStateException If this instance has not
+ * been initialized.
+ */
+ public final void update(byte[] input) throws IllegalStateException
+ {
+ update(input, 0, input.length);
+ }
+
+ /**
+ * Update the computation with a portion of a byte array.
+ *
+ * @param input The next bytes.
+ * @param offset The index in <code>input</code> to start.
+ * @param length The number of bytes to update.
+ * @throws java.lang.IllegalStateException If this instance has not
+ * been initialized.
+ */
+ public final void update(byte[] input, int offset, int length)
+ throws IllegalStateException
+ {
+ if (virgin)
+ {
+ throw new IllegalStateException("not initialized");
+ }
+ macSpi.engineUpdate(input, offset, length);
+ }
+
+ /**
+ * Clone this instance, if the underlying implementation supports it.
+ *
+ * @return A clone of this instance.
+ * @throws java.lang.CloneNotSupportedException If the underlying
+ * implementation is not cloneable.
+ */
+ public Object clone() throws CloneNotSupportedException
+ {
+ Mac result = new Mac((MacSpi) macSpi.clone(), provider, algorithm);
+ result.virgin = virgin;
+ return result;
+ }
+}
--- /dev/null
+/* MacSpi.java -- The MAC service provider interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * This is the <i>Service Provider Interface</i> (<b>SPI</b>) for the
+ * {@link Mac} class.
+ *
+ * <p>Providers wishing to implement a Mac must subclass this class and
+ * provide appropriate implementations of all its abstract methods,
+ * then provide an entry pointing to this implementation in the master
+ * {@link java.security.Provider} class.
+ *
+ * <p>Implemetations may optionally implement the {@link
+ * java.lang.Cloneable} interface.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public abstract class MacSpi
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new MacSpi instance.
+ */
+ public MacSpi()
+ {
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns a clone of this instance if cloning is supported.
+ *
+ * @return A clone of this instance.
+ * @throws java.lang.CloneNotSupportedException If this instance does
+ * not support cloneing.
+ */
+ public Object clone() throws CloneNotSupportedException
+ {
+ throw new CloneNotSupportedException();
+ }
+
+ // Abstract instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Finalize the computation of this MAC and return the result as a
+ * byte array.
+ *
+ * @return The MAC.
+ */
+ protected abstract byte[] engineDoFinal();
+
+ /**
+ * Return the total length, in bytes, of the computed MAC (the length
+ * of the byte array returned by {@link #doFinal()}.
+ *
+ * @return The MAC length.
+ */
+ protected abstract int engineGetMacLength();
+
+ /**
+ * Initialize (or re-initialize) this instance.
+ *
+ * @param key The key to use.
+ * @param params The parameters to use.
+ * @throws java.security.InvalidAlgorithmParameterException If this
+ * instance rejects the specified parameters.
+ * @throws java.security.InvalidKeyException If this instance rejects
+ * the specified key.
+ */
+ protected abstract void engineInit(Key key, AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException, InvalidKeyException;
+
+ /**
+ * Reset this instance. After this method succeeds, the state of this
+ * instance should be the same as it was before any data was input
+ * (possibly after a call to {@link
+ * #init(java.security.Key,java.security.spec.AlgorithmParameterSpec)},
+ * possibly not).
+ */
+ protected abstract void engineReset();
+
+ /**
+ * Update this MAC with a single byte.
+ *
+ * @param input The next byte.
+ */
+ protected abstract void engineUpdate(byte input);
+
+ /**
+ * Update this MAC with a portion of a byte array.
+ *
+ * @param input The next bytes.
+ * @param offset The index in <code>input</code> at which to start.
+ * @param length The number of bytes to update.
+ */
+ protected abstract void engineUpdate(byte[] input, int offset, int length);
+}
--- /dev/null
+/* NoSuchPaddingException.java -- Signals an unknown padding scheme.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * This exception is thrown when a particular padding scheme is
+ * requested but is not available.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class NoSuchPaddingException extends GeneralSecurityException
+{
+
+ // Constant.
+ // ------------------------------------------------------------------------
+
+ /** Serialization constant. */
+ private static final long serialVersionUID = -4572885201200175466L;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ public NoSuchPaddingException()
+ {
+ super();
+ }
+
+ public NoSuchPaddingException(String message)
+ {
+ super(message);
+ }
+}
--- /dev/null
+/* NullCipher.java -- The identity cipher.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+/**
+ * Trivial subclass of Cipher that implements the <i>identity
+ * transformation</i>, where the input is always copied to the output
+ * unchanged. Null ciphers can be instantiated with the public
+ * constructor.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public class NullCipher extends Cipher
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new identity cipher.
+ */
+ public NullCipher()
+ {
+ super(new NullCipherImpl(), null, "NULL");
+ }
+}
--- /dev/null
+/* NullCipherImpl.java -- implementation of NullCipher.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.AlgorithmParameters;
+import java.security.Key;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * Implementation of the identity cipher.
+ */
+final class NullCipherImpl extends CipherSpi
+{
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ NullCipherImpl()
+ {
+ super();
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ protected void engineSetMode(String mode) { }
+ protected void engineSetPadding(String padding) { }
+
+ protected int engineGetBlockSize()
+ {
+ return 1;
+ }
+
+ protected int engineGetOutputSize(int inputLen)
+ {
+ return inputLen;
+ }
+
+ protected byte[] engineGetIV()
+ {
+ return null;
+ }
+
+ protected AlgorithmParameters engineGetParameters()
+ {
+ return null;
+ }
+
+ protected void engineInit(int mode, Key key, SecureRandom random) { }
+ protected void engineInit(int mode, Key key, AlgorithmParameterSpec spec, SecureRandom random) { }
+ protected void engineInit(int mode, Key key, AlgorithmParameters params, SecureRandom random) { }
+
+ protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen)
+ {
+ if (input == null)
+ return new byte[0];
+ if (inputOffset < 0 || inputLen < 0 || inputOffset + inputLen > input.length)
+ throw new ArrayIndexOutOfBoundsException();
+ byte[] output = new byte[inputLen];
+ System.arraycopy(input, inputOffset, output, 0, inputLen);
+ return output;
+ }
+
+ protected int engineUpdate(byte[] input, int inputOffset, int inputLen,
+ byte[] output, int outputOffset)
+ throws ShortBufferException
+ {
+ if (input == null)
+ return 0;
+ if (inputOffset < 0 || inputLen < 0 || inputOffset + inputLen > input.length
+ || outputOffset < 0)
+ throw new ArrayIndexOutOfBoundsException();
+ if (output.length - outputOffset < inputLen)
+ throw new ShortBufferException();
+ System.arraycopy(input, inputOffset, output, outputOffset, inputLen);
+ return inputLen;
+ }
+
+ protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen)
+ {
+ return engineUpdate(input, inputOffset, inputLen);
+ }
+
+ protected int engineDoFinal(byte[] input, int inputOffset, int inputLen,
+ byte[] output, int outputOffset)
+ throws ShortBufferException
+ {
+ return engineUpdate(input, inputOffset, inputLen, output, outputOffset);
+ }
+}
--- /dev/null
+/* SealedObject.java -- An encrypted Serializable object.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+
+/**
+ * This class allows any {@link java.io.Serializable} object to be
+ * stored in an encrypted form.
+ *
+ * <p>When the sealed object is ready to be unsealed (and deserialized)
+ * the caller may use either
+ *
+ * <ol>
+ * <li>{@link #getObject(javax.crypto.Cipher)}, which uses an
+ * already-initialized {@link javax.crypto.Cipher}.<br>
+ * <br>
+ * or,</li>
+ *
+ * <li>{@link #getObject(java.security.Key)} or {@link
+ * #getObject(java.security.Key,java.lang.String)}, which will
+ * initialize a new cipher instance with the {@link #encodedParams} that
+ * were stored with this sealed object (this is so parameters, such as
+ * the IV, don't need to be known by the one unsealing the object).</li>
+ * </ol>
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class SealedObject implements Serializable
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ /** The encoded algorithm parameters. */
+ protected byte[] encodedParams;
+
+ /** The serialized, encrypted object. */
+ private byte[] encryptedContent;
+
+ /** The algorithm used to seal the object. */
+ private String sealAlg;
+
+ /** The parameter type. */
+ private String paramsAlg;
+
+ /** The cipher that decrypts when this object is unsealed. */
+ private transient Cipher sealCipher;
+
+ /** Compatible with JDK1.4. */
+ private static final long serialVersionUID = 4482838265551344752L;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new sealed object from a {@link java.io.Serializable}
+ * object and a cipher.
+ *
+ * @param object The object to seal.
+ * @param cipher The cipher to encrypt with.
+ * @throws java.io.IOException If serializing the object fails.
+ * @throws javax.crypto.IllegalBlockSizeException If the cipher has no
+ * padding and the size of the serialized representation of the
+ * object is not a multiple of the cipher's block size.
+ */
+ public SealedObject(Serializable object, Cipher cipher)
+ throws IOException, IllegalBlockSizeException
+ {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ ObjectOutputStream oos = new ObjectOutputStream(baos);
+ oos.writeObject(object);
+ oos.flush();
+ try
+ {
+ encryptedContent = cipher.doFinal(baos.toByteArray());
+ }
+ catch (IllegalStateException ise)
+ {
+ throw new IOException("cipher not in proper state");
+ }
+ catch (BadPaddingException bpe)
+ {
+ throw new IOException(
+ "encrypting but got javax.crypto.BadPaddingException");
+ }
+ sealAlg = cipher.getAlgorithm();
+ encodedParams = cipher.getParameters().getEncoded();
+ paramsAlg = cipher.getParameters().getAlgorithm();
+ }
+
+ /**
+ * Create a new sealed object from another sealed object.
+ *
+ * @param so The other sealed object.
+ */
+ protected SealedObject(SealedObject so)
+ {
+ this.encodedParams = (byte[]) so.encodedParams.clone();
+ this.encryptedContent = (byte[]) so.encryptedContent.clone();
+ this.sealAlg = so.sealAlg;
+ this.paramsAlg = so.paramsAlg;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get the name of the algorithm used to seal this object.
+ *
+ * @return The algorithm's name.
+ */
+ public final String getAlgorithm()
+ {
+ return sealAlg;
+ }
+
+ /**
+ * Unseal and deserialize this sealed object with a specified (already
+ * initialized) cipher.
+ *
+ * @param cipher The cipher to decrypt with.
+ * @return The original object.
+ * @throws java.io.IOException If reading fails.
+ * @throws java.lang.ClassNotFoundException If deserialization fails.
+ * @throws javax.crypto.IllegalBlockSizeException If the cipher has no
+ * padding and the encrypted data is not a multiple of the
+ * cipher's block size.
+ * @throws javax.crypto.BadPaddingException If the padding bytes are
+ * incorrect.
+ */
+ public final Object getObject(Cipher cipher)
+ throws IOException, ClassNotFoundException, IllegalBlockSizeException,
+ BadPaddingException
+ {
+ sealCipher = cipher;
+ return unseal();
+ }
+
+ /**
+ * Unseal and deserialize this sealed object with the specified key.
+ *
+ * @param key The key to decrypt with.
+ * @return The original object.
+ * @throws java.io.IOException If reading fails.
+ * @throws java.lang.ClassNotFoundException If deserialization fails.
+ * @throws java.security.InvalidKeyException If the supplied key
+ * cannot be used to unseal this object.
+ * @throws java.security.NoSuchAlgorithmException If the algorithm
+ * used to originally seal this object is not available.
+ */
+ public final Object getObject(Key key)
+ throws IOException, ClassNotFoundException, InvalidKeyException,
+ NoSuchAlgorithmException
+ {
+ try
+ {
+ if (sealCipher == null)
+ sealCipher = Cipher.getInstance(sealAlg);
+ }
+ catch (NoSuchPaddingException nspe)
+ {
+ throw new NoSuchAlgorithmException(nspe.getMessage());
+ }
+ AlgorithmParameters params = null;
+ if (encodedParams != null)
+ {
+ params = AlgorithmParameters.getInstance(paramsAlg);
+ params.init(encodedParams);
+ }
+ try
+ {
+ sealCipher.init(Cipher.DECRYPT_MODE, key, params);
+ return unseal();
+ }
+ catch (InvalidAlgorithmParameterException iape)
+ {
+ throw new IOException("bad parameters");
+ }
+ catch (IllegalBlockSizeException ibse)
+ {
+ throw new IOException("illegal block size");
+ }
+ catch (BadPaddingException bpe)
+ {
+ throw new IOException("bad padding");
+ }
+ }
+
+ /**
+ * Unseal and deserialize this sealed object with the specified key,
+ * using a cipher from the named provider.
+ *
+ * @param key The key to decrypt with.
+ * @param provider The name of the provider to use.
+ * @return The original object.
+ * @throws java.io.IOException If reading fails.
+ * @throws java.lang.ClassNotFoundException If deserialization fails.
+ * @throws java.security.InvalidKeyException If the supplied key
+ * cannot be used to unseal this object.
+ * @throws java.security.NoSuchAlgorithmException If the algorithm
+ * used to originally seal this object is not available from
+ * the named provider.
+ * @throws java.security.NoSuchProviderException If the named provider
+ * does not exist.
+ */
+ public final Object getObject(Key key, String provider)
+ throws IOException, ClassNotFoundException, InvalidKeyException,
+ NoSuchAlgorithmException, NoSuchProviderException
+ {
+ try
+ {
+ sealCipher = Cipher.getInstance(sealAlg, provider);
+ }
+ catch (NoSuchPaddingException nspe)
+ {
+ throw new NoSuchAlgorithmException(nspe.getMessage());
+ }
+ AlgorithmParameters params = null;
+ if (encodedParams != null)
+ {
+ params = AlgorithmParameters.getInstance(paramsAlg, provider);
+ params.init(encodedParams);
+ }
+ try
+ {
+ sealCipher.init(Cipher.DECRYPT_MODE, key, params);
+ return unseal();
+ }
+ catch (InvalidAlgorithmParameterException iape)
+ {
+ throw new IOException("bad parameters");
+ }
+ catch (IllegalBlockSizeException ibse)
+ {
+ throw new IOException("illegal block size");
+ }
+ catch (BadPaddingException bpe)
+ {
+ throw new IOException("bad padding");
+ }
+ }
+
+ // Own methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Deserialize this object.
+ *
+ * @param ois The input stream.
+ * @throws java.io.IOException If reading fails.
+ * @throws java.lang.ClassNotFoundException If reading fails.
+ */
+ private void readObject(ObjectInputStream ois)
+ throws IOException, ClassNotFoundException
+ {
+ encodedParams = (byte[]) ois.readObject();
+ encryptedContent = (byte[]) ois.readObject();
+ sealAlg = (String) ois.readObject();
+ paramsAlg = (String) ois.readObject();
+ }
+
+ /**
+ * Serialize this object.
+ *
+ * @param oos The output stream.
+ * @throws java.io.IOException If writing fails.
+ */
+ private void writeObject(ObjectOutputStream oos)
+ throws IOException
+ {
+ oos.writeObject(encodedParams);
+ oos.writeObject(encryptedContent);
+ oos.writeObject(sealAlg);
+ oos.writeObject(paramsAlg);
+ }
+
+ /**
+ * Unseal this object, returning it.
+ *
+ * @return The unsealed, deserialized Object.
+ * @throws java.io.IOException If reading fails.
+ * @throws java.io.ClassNotFoundException If reading fails.
+ * @throws javax.crypto.IllegalBlockSizeException If the cipher has no
+ * padding and the encrypted data is not a multiple of the
+ * cipher's block size.
+ * @throws javax.crypto.BadPaddingException If the padding bytes are
+ * incorrect.
+ */
+ private Object unseal()
+ throws IOException, ClassNotFoundException, IllegalBlockSizeException,
+ BadPaddingException
+ {
+ ByteArrayInputStream bais = null;
+ try
+ {
+ bais = new ByteArrayInputStream(sealCipher.doFinal(encryptedContent));
+ }
+ catch (IllegalStateException ise)
+ {
+ throw new IOException("cipher not initialized");
+ }
+ ObjectInputStream ois = new ObjectInputStream(bais);
+ return ois.readObject();
+ }
+}
--- /dev/null
+/* SecretKey.java -- A key for symmetric cryptography.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License along
+with GNU Classpath; if not, write to the
+
+ Free Software Foundation, Inc.,
+ 59 Temple Place, Suite 330,
+ Boston, MA 02111-1307
+ USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under terms
+of your choice, provided that you also meet, for each linked independent
+module, the terms and conditions of the license of that module. An
+independent module is a module which is not derived from or based on
+this library. If you modify this library, you may extend this exception
+to your version of the library, but you are not obligated to do so. If
+you do not wish to do so, delete this exception statement from your
+version. */
+
+
+package javax.crypto;
+
+import java.security.Key;
+
+/**
+ * A secret key for symmetric cryptography.
+ *
+ * <p>This interface defines no new methods over {@link
+ * java.security.Key}, but rather is intended to be a <i>marker
+ * interface</i> and to provide type safety for secret keys.</p>
+ *
+ * <p>The format of secret keys should be <code>RAW</code>, as returned
+ * by {@link java.security.Key#getFormat()}.</p>
+ *
+ * <p>Concrete implementations of this interface should override the
+ * {@link java.lang.Object#equals} and {@link java.lang.Object#hashCode}
+ * methods of {@link java.lang.Object} to use the actual key data rather
+ * than the identity-based default methods.</p>
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @see javax.crypto.SecretKeyFactory
+ * @see javax.crypto.Cipher
+ */
+public interface SecretKey extends Key
+{
+}
--- /dev/null
+/* SecretKeyFactory.java -- Factory for creating secret keys.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.spec.KeySpec;
+import java.security.spec.InvalidKeySpecException;
+
+import gnu.java.security.Engine;
+
+/**
+ * A secret key factory translates {@link SecretKey} objects to and from
+ * {@link java.security.spec.KeySpec} objects, and can translate between
+ * different vendors' representations of {@link SecretKey} objects (for
+ * security or semantics; whichever applies).
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see SecretKey
+ */
+public class SecretKeyFactory
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ private static final String SERVICE = "SecretKeyFactory";
+
+ /** The underlying factory implementation. */
+ private SecretKeyFactorySpi skfSpi;
+
+ /** The provider of the implementation. */
+ private Provider provider;
+
+ /** The name of the algorithm. */
+ private String algorithm;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new secret key factory.
+ *
+ * @param skfSpi The underlying factory implementation.
+ * @param provider The provider.
+ * @param algorithm The algorithm name.
+ */
+ protected SecretKeyFactory(SecretKeyFactorySpi skfSpi, Provider provider,
+ String algorithm)
+ {
+ this.skfSpi = skfSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new secret key factory from the first appropriate
+ * instance.
+ *
+ * @param algorithm The algorithm name.
+ * @return The appropriate key factory, if found.
+ * @throws java.security.NoSuchAlgorithmException If no provider
+ * implements the specified algorithm.
+ */
+ public static final SecretKeyFactory getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] provs = Security.getProviders();
+ for (int i = 0; i < provs.length; i++)
+ {
+ try
+ {
+ return getInstance(algorithm, provs[i]);
+ }
+ catch (NoSuchAlgorithmException nsae)
+ {
+ }
+ }
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Create a new secret key factory from the named provider.
+ *
+ * @param algorithm The algorithm name.
+ * @param provider The provider name.
+ * @return The appropriate key factory, if found.
+ * @throws java.security.NoSuchAlgorithmException If the named
+ * provider does not implement the algorithm.
+ * @throws java.security.NoSuchProviderException If the named provider
+ * does not exist.
+ */
+ public static final SecretKeyFactory getInstance(String algorithm,
+ String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ {
+ throw new NoSuchProviderException(provider);
+ }
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Create a new secret key factory from the specified provider.
+ *
+ * @param algorithm The algorithm name.
+ * @param provider The provider.
+ * @return The appropriate key factory, if found.
+ * @throws java.security.NoSuchAlgorithmException If the provider
+ * does not implement the algorithm.
+ */
+ public static final SecretKeyFactory getInstance(String algorithm,
+ Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ try
+ {
+ return new SecretKeyFactory((SecretKeyFactorySpi)
+ Engine.getInstance(SERVICE, algorithm, provider),
+ provider, algorithm);
+ }
+ catch (InvocationTargetException ite)
+ {
+ if (ite.getCause() == null)
+ throw new NoSuchAlgorithmException(algorithm);
+ if (ite.getCause() instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) ite.getCause();
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ catch (ClassCastException cce)
+ {
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Generate a secret key from a key specification, if possible.
+ *
+ * @param keySpec The key specification.
+ * @return The secret key.
+ * @throws java.security.InvalidKeySpecException If the key specification
+ * cannot be transformed into a secret key.
+ */
+ public final SecretKey generateSecret(KeySpec keySpec)
+ throws InvalidKeySpecException
+ {
+ return skfSpi.engineGenerateSecret(keySpec);
+ }
+
+ /**
+ * Get the algorithm name.
+ *
+ * @return The algorithm name.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Get the key specification from a secret key.
+ *
+ * @param key The secret key.
+ * @param keySpec The target key specification class.
+ * @return The key specification.
+ * @throws java.security.spec.InvalidKeySpecException If the secret key cannot
+ * be transformed into the specified key specification.
+ */
+ public final KeySpec getKeySpec(SecretKey key, Class keySpec)
+ throws InvalidKeySpecException
+ {
+ return skfSpi.engineGetKeySpec(key, keySpec);
+ }
+
+ /**
+ * Get the provider of this implementation.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Translate a secret key into another form.
+ *
+ * @param key The key to translate.
+ * @return The translated key.
+ * @throws java.security.InvalidKeyException If the argument cannot be
+ * translated.
+ */
+ public final SecretKey translateKey(SecretKey key)
+ throws InvalidKeyException
+ {
+ return skfSpi.engineTranslateKey(key);
+ }
+}
--- /dev/null
+/* SecretKeyFactorySpi.java -- Secret key factory service provider interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.InvalidKeyException;
+import java.security.spec.KeySpec;
+import java.security.spec.InvalidKeySpecException;
+
+/**
+ * The <i>Service Provider Interface</i> (<b>SPI</b>) for the {@link
+ * SecretKeyFactory} class.
+ *
+ * <p>Providers wishing to implement a secret key factory must
+ * subclass this and provide an appropriate implementation for all the
+ * abstract methods below, and provide an appropriate entry in the
+ * master {@link java.security.Provider} class (the service name for
+ * secret key factories is <code>"SecretKeyFactory"</code>).
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see SecretKeyFactory
+ */
+public abstract class SecretKeyFactorySpi
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new secret key factory SPI.
+ */
+ public SecretKeyFactorySpi()
+ {
+ }
+
+ // Abstract instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Translate a {@link java.security.KeySpec} into a {@link SecretKey}.
+ *
+ * @param keySpec The key specification.
+ * @return The secret key.
+ * @throws java.security.spec.InvalidKeySpecException If the key specification
+ * cannot be translated into a secret key.
+ */
+ protected abstract SecretKey engineGenerateSecret(KeySpec keySpec)
+ throws InvalidKeySpecException;
+
+ /**
+ * Translate a {@link SecretKey} into a {@link java.security.KeySpec}.
+ *
+ * @param key The secret key.
+ * @param keySpec The desired key specification class.
+ * @return The key specification.
+ * @throws java.security.spec.InvalidKeySpecException If the secret key cannot
+ * be translated into the desired key specification.
+ */
+ protected abstract KeySpec engineGetKeySpec(SecretKey key, Class keySpec)
+ throws InvalidKeySpecException;
+
+ /**
+ * Translate a secret key into a different representation.
+ *
+ * @param key The secret key to translate.
+ * @return The translated key.
+ * @throws java.security.InvalidKeyException If the specified secret
+ * key cannot be translated.
+ */
+ protected abstract SecretKey engineTranslateKey(SecretKey key)
+ throws InvalidKeyException;
+}
--- /dev/null
+/* ShortBufferException.java -- Signals a short output buffer.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * This exception is thrown on an attempt to transform bytes into a
+ * buffer that is too short to contain the data.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public class ShortBufferException extends GeneralSecurityException
+{
+
+ // Constant.
+ // ------------------------------------------------------------------------
+
+ /** Serialization constant. */
+ private static final long serialVersionUID = 8427718640832943747L;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ public ShortBufferException()
+ {
+ super();
+ }
+
+ public ShortBufferException(String message)
+ {
+ super(message);
+ }
+}
--- /dev/null
+/* DHKey.java -- General interface for a Diffie-Hellman key.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.interfaces;
+
+import javax.crypto.spec.DHParameterSpec;
+
+/**
+ * This interface marks public/private keys in the Diffie-Hellman key
+ * exchange algorithm. Implementations of Diffie-Hellman keys should
+ * implement this interface, and applications can safely cast keys that
+ * are known to be Diffie-Hellman keys to this interface.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public interface DHKey
+{
+ /**
+ * Returns the Diffie-Hellman parameters for this key, which includes
+ * the generator and the prime.
+ *
+ * @return The Diffie-Hellman parameters.
+ */
+ DHParameterSpec getParams();
+}
--- /dev/null
+/* DHPrivateKey.java -- A Diffie-Hellman private key.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.interfaces;
+
+import java.math.BigInteger;
+import java.security.PrivateKey;
+
+/**
+ * This interface marks a private key in the Diffie-Hellman key exchange
+ * algorithm. It should be treated with as much care as any {@link
+ * java.security.PrivateKey}.
+ *
+ * <p>Implementations of Diffie-Hellman private keys should implement
+ * this interface. Applications that know a particular key is a
+ * Diffie-Hellman private key can safely cast it to this interface.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see DHKey
+ * @see DHPublicKey
+ */
+public interface DHPrivateKey extends DHKey, PrivateKey
+{
+
+ /** Compatible with JDK1.4. */
+ static final long serialVersionUID = 2211791113380396553L;
+
+ /**
+ * Returns the private value <i>x</i>.
+ *
+ * @return The private value <i>x</i>.
+ */
+ BigInteger getX();
+}
--- /dev/null
+/* DHPublicKey.java -- A Diffie-Hellman public key.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.interfaces;
+
+import java.math.BigInteger;
+import java.security.PublicKey;
+
+/**
+ * This interface marks a public key in the Diffie-Hellman key-exchange
+ * algorithm.
+ *
+ * <p>Implementations of Diffie-Hellman public keys should implement
+ * this interface. Applications that know that a particular key is a
+ * Diffie-Hellman public key it can be safely cast to this interface.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see DHKey
+ * @see DHPrivateKey
+ */
+public interface DHPublicKey extends DHKey, PublicKey
+{
+
+ /** Compatible with JDK1.4. */
+ static final long serialVersionUID = -6628103563352519193L;
+
+ /**
+ * Get the public value <i>y</i>.
+ *
+ * @return The public value <i>y</i>.
+ */
+ BigInteger getY();
+}
--- /dev/null
+/* PBEKey.java -- A key derived from a password.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.interfaces;
+
+import javax.crypto.SecretKey;
+
+/**
+ * Interface to a password-derived key for password-based encryption
+ * (PBE). Applications working with a {@link javax.crypto.SecretKey}
+ * that is known to be a password-based key can safely cast such keys to
+ * this interface.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public interface PBEKey extends SecretKey
+{
+
+ /** Compatible with JDK1.4. */
+ static final long serialVersionUID = -1430015993304333921L;
+
+ /**
+ * Retruns the iteration count, or 0 if not specified.
+ *
+ * @return The iteration count.
+ */
+ int getIterationCount();
+
+ /**
+ * Returns a copy of the password as a character array. It is the
+ * caller's responsibility to zero-out the password when it is no
+ * longer in use.
+ *
+ * <p>Although it is not specified in the documentation,
+ * implementations should not copy or clone the password array, but
+ * rather return the reference to the array itself, so the caller has
+ * the ability to erase the password.
+ *
+ * @return The password.
+ */
+ char[] getPassword();
+
+ /**
+ * Returns a copy of the salt. It is the caller's responsibility to
+ * zero-out the salt when it is no longer in use.
+ *
+ * <p>Although it is not specified in the documentation,
+ * implementations should not copy or clone the salt array, but
+ * rather return the reference to the array itself, so the caller has
+ * the ability to erase the salt.
+ *
+ * @return The salt.
+ */
+ byte[] getSalt();
+}
--- /dev/null
+/* DESKeySpec -- Keys for DES.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.security.InvalidKeyException;
+import java.security.spec.KeySpec;
+
+/**
+ * This class is a transparent wrapper for DES keys, which are arrays
+ * of 8 bytes.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class DESKeySpec implements KeySpec
+{
+
+ // Constants.
+ // ------------------------------------------------------------------------
+
+ /**
+ * The length of a DES key, in bytes.
+ */
+ public static final int DES_KEY_LEN = 8;
+
+ /**
+ * The key bytes.
+ */
+ private byte[] key;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new DES key spec, copying the first 8 bytes from the
+ * byte array.
+ *
+ * @param key The key bytes.
+ * @throws java.security.InvalidKeyException If there are less than 8
+ * bytes in the array.
+ */
+ public DESKeySpec(byte[] key) throws InvalidKeyException
+ {
+ this(key, 0);
+ }
+
+ /**
+ * Create a new DES key spec, starting at <code>offset</code> in
+ * the byte array. The first 8 bytes starting at <code>offset</code>
+ * are copied.
+ *
+ * @param key The key bytes.
+ * @param offset The offset into the byte array at which to begin.
+ * @throws java.security.InvalidKeyException If there are less than 8
+ * bytes starting at <code>offset</code>.
+ */
+ public DESKeySpec(byte[] key, int offset) throws InvalidKeyException
+ {
+ if (key.length - offset < DES_KEY_LEN)
+ {
+ throw new InvalidKeyException("DES keys must be 8 bytes long");
+ }
+ this.key = new byte[DES_KEY_LEN];
+ System.arraycopy(key, offset, this.key, 0, DES_KEY_LEN);
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns whether or not the given key is <i>parity adjusted</i>;
+ * i.e. every byte in the key has an odd number of "1" bits.
+ *
+ * @param key The key bytes, considered between <code>[offset,
+ * offset+7]</code>
+ * @param offset The offset into the byte array at which to begin.
+ * @return True if all bytes have an odd number of "1" bits.
+ * @throws java.security.InvalidKeyException If there are not enough
+ * bytes in the array.
+ */
+ public static boolean isParityAdjusted(byte[] key, int offset)
+ throws InvalidKeyException
+ {
+ if (key.length - offset < DES_KEY_LEN)
+ {
+ throw new InvalidKeyException("DES keys must be 8 bytes long");
+ }
+ boolean parity = false;
+ boolean oddbits = false;
+ for (int i = 0; i < DES_KEY_LEN; i++)
+ {
+ oddbits = false;
+ for (int j = 0; j < 8; j++)
+ {
+ oddbits ^= (key[i+offset] & 1 << j) != 0;
+ }
+ parity &= oddbits;
+ }
+ return parity;
+ }
+
+ /**
+ * One-half of the weak and semiweak DES keys (the other half are the
+ * complements of these).
+ */
+ private static final byte[][] WEAK_KEYS = new byte[][] {
+ { 0, 0, 0, 0, 0, 0, 0, 0 }, // 0000 0000 0000 0000
+ { -1, -1, -1, -1, 0, 0, 0, 0 }, // ffff ffff 0000 0000
+ { 1, 1, 1, 1, 1, 1, 1, 1 }, // 0101 0101 0101 0101
+ { 31, 31, 31, 31, 14, 14, 14, 14 }, // 1f1f 1f1f 0e0e 0e0e
+ { 1, -2, 1, -2, 1, -2, 1, -2 }, // 01fe 01fe 01fe 01fe
+ { 31, -32, 31, -32, -32, 31, -32, 31 }, // 1fe0 1fe0 0e1f 0e1f
+ { 1, -32, 1, -32, 1, -15, 1, -15 }, // 01e0 01e0 01f1 01f1
+ { 31, -2, 31, -2, 14, -2, 14, -2 }, // 1ffe 1ffe 0efe 0efe
+ { 1, 31, 1, 31, 1, 14, 1, 14 }, // 011f 011f 010e 010e
+ { -32, -2, -32, -2, -15, -2, -15, -2 }, // e0fe e0fe f1fe f1fe
+ };
+
+ /**
+ * Tests if the bytes between <code>[offset, offset+7]</code>
+ * constitute a weak or semi-weak DES key.
+ *
+ * @param key The key bytes to check.
+ * @param offset The offset in the byte array to start.
+ * @return true If the key bytes are a weak key.
+ */
+ public static boolean isWeak(byte[] key, int offset)
+ throws InvalidKeyException
+ {
+ if (key.length - offset < DES_KEY_LEN)
+ {
+ throw new InvalidKeyException("DES keys must be 8 bytes long");
+ }
+ for (int i = 0; i < WEAK_KEYS.length; i++)
+ {
+ if (equalsOrComplementEquals(key, offset, WEAK_KEYS[i]))
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * This method returns true if the first 8 bytes starting at
+ * <code>off</code> in <code>a</code> equal the first 8 bytes in
+ * <code>b</code>, or equal the <i>complement</i> of the first 8 bytes
+ * in <code>b</code>.
+ *
+ * @param a The first byte array.
+ * @param off The index into the first byte array.
+ * @param b The second byte array.
+ * @return <code>a == b || a == ~b</code>
+ */
+ private static boolean equalsOrComplementEquals(byte[] a, int off, byte[] b)
+ {
+ boolean result = true;
+ for (int i = 0; i < DES_KEY_LEN; i++)
+ {
+ result &= a[off+i] == b[i];
+ }
+ if (result) return true;
+ result = true;
+ for (int i = 0; i < DES_KEY_LEN; i++)
+ {
+ result &= a[off+i] == (~b[i]);
+ }
+ return result;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Return the key as a byte array. This method does not copy the byte
+ * array.
+ *
+ * @return The key bytes.
+ */
+ public byte[] getKey()
+ {
+ return key;
+ }
+}
--- /dev/null
+/* DESedeKeySpec.java -- Keys for triple-DES.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.security.InvalidKeyException;
+import java.security.spec.KeySpec;
+
+/**
+ * This class is a transparent wrapper for DES-EDE (Triple-DES) keys,
+ * which are arrays of 24 bytes.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class DESedeKeySpec implements KeySpec
+{
+
+ // Constants.
+ // ------------------------------------------------------------------------
+
+ /**
+ * The length of a triple-DES key, in bytes.
+ */
+ public static final int DES_EDE_KEY_LEN = 24;
+
+ /**
+ * The key bytes.
+ */
+ private byte[] key;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new DES-EDE key spec, copying the first 24 bytes from the
+ * byte array.
+ *
+ * @param key The key bytes.
+ * @throws java.security.InvalidKeyException If there are less than 24
+ * bytes in the array.
+ */
+ public DESedeKeySpec(byte[] key) throws InvalidKeyException
+ {
+ this(key, 0);
+ }
+
+ /**
+ * Create a new DES-EDE key spec, starting at <code>offset</code> in
+ * the byte array. The first 24 bytes starting at <code>offset</code>
+ * are copied.
+ *
+ * @param key The key bytes.
+ * @param offset The offset into the byte array at which to begin.
+ * @throws java.security.InvalidKeyException If there are less than 24
+ * bytes starting at <code>offset</code>.
+ */
+ public DESedeKeySpec(byte[] key, int offset) throws InvalidKeyException
+ {
+ if (key.length - offset < DES_EDE_KEY_LEN)
+ {
+ throw new InvalidKeyException("DES-EDE keys must be 24 bytes long");
+ }
+ this.key = new byte[DES_EDE_KEY_LEN];
+ System.arraycopy(key, offset, this.key, 0, DES_EDE_KEY_LEN);
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns whether or not the given key is <i>parity adjusted</i>;
+ * i.e. every byte in the key has an odd number of "1" bits.
+ *
+ * @param key The key bytes, considered between <code>[offset,
+ * offset+23]</code>
+ * @param offset The offset into the byte array at which to begin.
+ * @return True if all bytes have an odd number of "1" bits.
+ * @throws java.security.InvalidKeyException If there are not enough
+ * bytes in the array.
+ */
+ public static boolean isParityAdjusted(byte[] key, int offset)
+ throws InvalidKeyException
+ {
+ if (key.length - offset < DES_EDE_KEY_LEN)
+ {
+ throw new InvalidKeyException("DES-EDE keys must be 24 bytes long");
+ }
+ boolean parity = false;
+ boolean oddbits = false;
+ for (int i = 0; i < DES_EDE_KEY_LEN; i++)
+ {
+ oddbits = false;
+ for (int j = 0; j < 8; j++)
+ {
+ oddbits ^= (key[i+offset] & 1 << j) != 0;
+ }
+ parity &= oddbits;
+ }
+ return parity;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Return the key as a byte array. This method does not copy the byte
+ * array.
+ *
+ * @return The key bytes.
+ */
+ public byte[] getKey()
+ {
+ return key;
+ }
+}
--- /dev/null
+/* DHGenParameterSpec.java -- Diffie-Hellman parameter generator spec.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * This class represents the parameters needed for generating
+ * Diffie-Hellman parameters.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see DHParameterSpec
+ */
+public class DHGenParameterSpec implements AlgorithmParameterSpec
+{
+
+ // Variables.
+ // ------------------------------------------------------------------------
+
+ /** The length of the prime, in bits. */
+ private int primeSize;
+
+ /** The length of the exponent, in bits. */
+ private int exponentSize;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new Diffie-Hellman parameter generator spec.
+ *
+ * @param primeSize The size of the prime, in bits.
+ * @param exponentSize The size of the exponent, in bits.
+ */
+ public DHGenParameterSpec(int primeSize, int exponentSize)
+ {
+ this.primeSize = primeSize;
+ this.exponentSize = exponentSize;
+ }
+
+ // Intance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get the size of the exponent, in bits.
+ *
+ * @return The exponent size.
+ */
+ public int getExponentSize()
+ {
+ return exponentSize;
+ }
+
+ /**
+ * Get the size of the prime, in bits.
+ *
+ * @return The prime size.
+ */
+ public int getPrimeSize()
+ {
+ return primeSize;
+ }
+}
--- /dev/null
+/* DHParameterSpec.java -- Parameters for Diffie-Hellman keys.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.math.BigInteger;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * The base set of parameters necessary to perform Diffie-Hellman key
+ * exchange. Each party in the key exchange shares these parameters.
+ *
+ * <p>Each set of parameters consists of a <i>base generator</i>
+ * <code>g</code>, a <i>prime modulus</i> <code>p</code>, and an
+ * optional length, in bits, of the private exponent.
+ *
+ * <p>See <a href="http://www.rsasecurity.com/rsalabs/pkcs/pkcs-3/">PKCS
+ * #3 - Diffie-Hellman Key Agreement Standard</a> for more information.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see javax.crypto.KeyAgreement
+ */
+public class DHParameterSpec implements AlgorithmParameterSpec
+{
+
+ // Variables.
+ // ------------------------------------------------------------------------
+
+ /** The base generator g. */
+ private BigInteger g;
+
+ /** The prime modulus p. */
+ private BigInteger p;
+
+ /** The length, in bits, of the private exponent. */
+ private int l;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new set of Diffie-Hellman parameters.
+ *
+ * @param p The prime modulus.
+ * @param g The base generator.
+ */
+ public DHParameterSpec(BigInteger p, BigInteger g)
+ {
+ this(p, g, 0);
+ }
+
+ /**
+ * Create a new set of Diffie-Hellman parameters.
+ *
+ * @param p The prime modulus.
+ * @param g The base generator.
+ * @param l The size of the private exponent, in bits.
+ */
+ public DHParameterSpec(BigInteger p, BigInteger g, int l)
+ {
+ this.p = p;
+ this.g = g;
+ this.l = l;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get the base generator, <i>g</i>.
+ *
+ * @return The base generator <i>g</i>.
+ */
+ public BigInteger getG()
+ {
+ return g;
+ }
+
+ /**
+ * Get the length of the private exponent, in bits.
+ *
+ * @return The length of the private exponent, in bits, or 0 if this
+ * has not been explicitly set.
+ */
+ public int getL()
+ {
+ return l;
+ }
+
+ /**
+ * Get the prime modulus, <i>p</i>.
+ *
+ * @return The prime modulus, <i>p</i>.
+ */
+ public BigInteger getP()
+ {
+ return p;
+ }
+}
--- /dev/null
+/* DHPrivateKeySpec.java -- Wrapper for Diffie-Hellman private keys.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.math.BigInteger;
+import java.security.spec.KeySpec;
+
+/**
+ * A wrapper for Diffie-Hellman private key data.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see DHPublicKeySpec
+ */
+public class DHPrivateKeySpec implements KeySpec
+{
+
+ // Variables.
+ // ------------------------------------------------------------------------
+
+ /** The base generator. */
+ private BigInteger g;
+
+ /** The prime modulus. */
+ private BigInteger p;
+
+ /** The private exponent. */
+ private BigInteger x;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new Diffie-Hellman private key spec.
+ *
+ * @param x The private exponent.
+ * @param p The prime modulus.
+ * @param g The base generator.
+ */
+ public DHPrivateKeySpec(BigInteger x, BigInteger p, BigInteger g)
+ {
+ this.x = x;
+ this.p = p;
+ this.g = g;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get the base generator.
+ *
+ * @return The base generator.
+ */
+ public BigInteger getG()
+ {
+ return g;
+ }
+
+ /**
+ * Get the prime modulus.
+ *
+ * @return The prime modulus.
+ */
+ public BigInteger getP()
+ {
+ return p;
+ }
+
+ /**
+ * Get the private exponent.
+ *
+ * @return The private exponent.
+ */
+ public BigInteger getX()
+ {
+ return x;
+ }
+}
--- /dev/null
+/* DHPublicKeySpec.java -- Wrapper for Diffie-Hellman public keys.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.math.BigInteger;
+import java.security.spec.KeySpec;
+
+/**
+ * A wrapper for Diffie-Hellman public key data.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see DHPrivateKeySpec
+ */
+public class DHPublicKeySpec implements KeySpec
+{
+
+ // Variables.
+ // ------------------------------------------------------------------------
+
+ /** The base generator. */
+ private BigInteger g;
+
+ /** The prime modulus. */
+ private BigInteger p;
+
+ /** The public value. */
+ private BigInteger y;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new Diffie-Hellman public key spec.
+ *
+ * @param y The public value.
+ * @param p The prime modulus.
+ * @param g The base generator.
+ */
+ public DHPublicKeySpec(BigInteger y, BigInteger p, BigInteger g)
+ {
+ this.y = y;
+ this.p = p;
+ this.g = g;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get the base generator.
+ *
+ * @return The base generator.
+ */
+ public BigInteger getG()
+ {
+ return g;
+ }
+
+ /**
+ * Get the prime modulus.
+ *
+ * @return The prime modulus.
+ */
+ public BigInteger getP()
+ {
+ return p;
+ }
+
+ /**
+ * Get the public value.
+ *
+ * @return The public value.
+ */
+ public BigInteger getY()
+ {
+ return y;
+ }
+}
--- /dev/null
+/* IvParameterSpec.java -- A simple wrapper for initialization vectors.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * A wrapper for an initialization vector. An initialization vector is
+ * necessary for any cipher in any <i>feedback mode</i>, e.g. CBC.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public class IvParameterSpec implements AlgorithmParameterSpec
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The IV. */
+ private byte[] iv;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new initialization vector spec from an entire byte array.
+ *
+ * @param iv The IV bytes.
+ */
+ public IvParameterSpec(byte[] iv)
+ {
+ this(iv, 0, iv.length);
+ }
+
+ /**
+ * Create a new initialization vector spec from part of a byte array.
+ *
+ * @param iv The IV bytes.
+ * @param off The offset into the IV bytes.
+ * @param len The number of IV bytes.
+ */
+ public IvParameterSpec(byte[] iv, int off, int len)
+ {
+ this.iv = new byte[len];
+ System.arraycopy(iv, off, this.iv, 0, len);
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the IV. This method does not copy the byte array.
+ *
+ * @return The IV.
+ */
+ public byte[] getIV()
+ {
+ return iv;
+ }
+}
--- /dev/null
+/* PBEKeySpec.java -- Wrapper for password-based keys.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.security.spec.KeySpec;
+
+/**
+ * A wrapper for a password-based key, used for password-based
+ * encryption (PBE).
+ *
+ * <p>Examples of password-based encryption algorithms include:
+ *
+ * <ul>
+ * <li><a href="http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/">PKCS #5
+ * - Password-Based Cryptography Standard</a></li>
+ * <li><a href="http://www.rsasecurity.com/rsalabs/pkcs/pkcs-12/">PKCS
+ * #12 - Personal Information Exchange Syntax Standard</a></li>
+ * </ul>
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see javax.crypto.SecretKeyFactory
+ * @see PBEParameterSpec
+ */
+public class PBEKeySpec implements KeySpec
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The iteration count. */
+ private int iterationCount;
+
+ /** The generated key length. */
+ private int keyLength;
+
+ /** The password. */
+ private char[] password;
+
+ /** The salt. */
+ private byte[] salt;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new PBE key spec with just a password.
+ *
+ * @param password The password char array.
+ */
+ public PBEKeySpec(char[] password)
+ {
+ this(password, null, 0, 0);
+ }
+
+ /**
+ * Create a PBE key spec with a password, salt, and iteration count.
+ *
+ * @param password The password char array.
+ * @param salt The salt bytes.
+ * @param iterationCount The iteration count.
+ */
+ public PBEKeySpec(char[] password, byte[] salt, int iterationCount)
+ {
+ this(password, salt, iterationCount, 0);
+ }
+
+ /**
+ * Create a PBE key spec with a password, salt, iteration count, and
+ * key length.
+ *
+ * @param password The password char array.
+ * @param salt The salt bytes.
+ * @param iterationCount The iteration count.
+ * @param keyLength The generated key length.
+ */
+ public PBEKeySpec(char[] password, byte[] salt, int iterationCount,
+ int keyLength)
+ {
+ this.password = password;
+ this.salt = salt;
+ this.iterationCount = iterationCount;
+ this.keyLength = keyLength;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Clear the password array by filling it with null characters.
+ */
+ public final void clearPassword()
+ {
+ if (password == null) return;
+ for (int i = 0; i < password.length; i++)
+ {
+ password[i] = '\u0000';
+ }
+ }
+
+ /**
+ * Get the iteration count, or 0 if it has not been specified.
+ *
+ * @return The iteration count, or 0 if it has not been specified.
+ */
+ public final int getIterationCount()
+ {
+ return iterationCount;
+ }
+
+ /**
+ * Get the generated key length, or 0 if it has not been specified.
+ *
+ * @return The key length, or 0 if it has not been specified.
+ */
+ public final int getKeyLength()
+ {
+ return keyLength;
+ }
+
+ /**
+ * Get the password character array.
+ *
+ * @return The password.
+ */
+ public final char[] getPassword()
+ {
+ return password;
+ }
+
+ /**
+ * Get the salt bytes.
+ *
+ * @return The salt.
+ */
+ public final byte[] getSalt()
+ {
+ return salt;
+ }
+}
--- /dev/null
+/* PBEParameterSpec.java -- A wrapper for PBE parameters.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * A wrapper for the parameters used in <a
+ * href="http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/">PKCS #5 -
+ * Password-Based Cryptography Standard</a>.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class PBEParameterSpec implements AlgorithmParameterSpec
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The iteration count. */
+ private int iterationCount;
+
+ /** The salt. */
+ private byte[] salt;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new password-based encryption parameter specification.
+ *
+ * @param salt The salt.
+ * @param iterationCount The iteration count.
+ */
+ public PBEParameterSpec(byte[] salt, int iterationCount)
+ {
+ this.salt = salt;
+ this.iterationCount = iterationCount;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get the iteration count.
+ *
+ * @return The iteration count.
+ */
+ public int getIterationCount()
+ {
+ return iterationCount;
+ }
+
+ /**
+ * Get the salt.
+ *
+ * @return The salt.
+ */
+ public byte[] getSalt()
+ {
+ return salt;
+ }
+}
--- /dev/null
+/* RC2ParameterSpec.java -- Wrapper for RC2 parameters.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * A wrapper for parameters for the <a
+ * href="http://www.rsasecurity.com/rsalabs/faq/3-6-2.html">RC2</a>
+ * block cipher ("RC" means either "Rivest Cipher" or "Ron's Code",
+ * depending upon who you ask and when).
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class RC2ParameterSpec implements AlgorithmParameterSpec
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ /** The length of an RC2 IV, in bytes. */
+ private static final int RC2_IV_LENGTH = 8;
+
+ /** The effective key length, in bits. */
+ private int effectiveKeyBits;
+
+ /** The initialization vector. */
+ private byte[] iv;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create RC2 parameters without an IV.
+ *
+ * @param effectiveKeyBits The number of effective key bits.
+ */
+ public RC2ParameterSpec(int effectiveKeyBits)
+ {
+ this.effectiveKeyBits = effectiveKeyBits;
+ }
+
+ /**
+ * Create RC2 parameters with an IV.
+ *
+ * @param effectiveKeyBits The number of effective key bits.
+ * @param iv The IV; the first eight bytes of this array
+ * are used.
+ */
+ public RC2ParameterSpec(int effectiveKeyBits, byte[] iv)
+ {
+ this(effectiveKeyBits, iv, 0);
+ }
+
+ /**
+ * Create RC2 parameters with an IV.
+ *
+ * @param effectiveKeyBits The number of effective key bits.
+ * @param iv The IV; the first eight bytes of this array
+ * after <code>offset</code> are used.
+ * @param offset From whence to start in the array.
+ */
+ public RC2ParameterSpec(int effectiveKeyBits, byte[] iv, int offset)
+ {
+ if (iv.length - offset < RC2_IV_LENGTH)
+ {
+ throw new IllegalArgumentException("IV too short");
+ }
+ this.effectiveKeyBits = effectiveKeyBits;
+ this.iv = new byte[RC2_IV_LENGTH];
+ System.arraycopy(iv, offset, this.iv, 0, RC2_IV_LENGTH);
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get the number of effective key bits.
+ *
+ * @return The numer of effective key bits.
+ */
+ public int getEffectiveKeyBits()
+ {
+ return effectiveKeyBits;
+ }
+
+ /**
+ * Return the initialization vector, or <code>null</code> if none was
+ * specified.
+ *
+ * @return The IV, or null.
+ */
+ public byte[] getIV()
+ {
+ return iv;
+ }
+
+ public boolean equals(Object o)
+ {
+ if (this == o) return true;
+ byte[] oiv = ((RC2ParameterSpec) o).getIV();
+ if (iv != oiv)
+ {
+ if (iv == null || oiv == null) return false;
+ if (iv.length != oiv.length) return false;
+ for (int i = 0; i < iv.length; i++)
+ {
+ if (iv[i] != oiv[i])
+ {
+ return false;
+ }
+ }
+ }
+ return effectiveKeyBits == ((RC2ParameterSpec) o).getEffectiveKeyBits();
+ }
+
+ public int hashCode()
+ {
+ int code = effectiveKeyBits;
+ if (iv != null)
+ {
+ for (int i = 0; i < RC2_IV_LENGTH; i++)
+ {
+ code += iv[i];
+ }
+ }
+ return code;
+ }
+}
--- /dev/null
+/* RC5ParameterSpec.java -- parameters for RC5.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * A wrapper for parameters to the <a
+ * href="http://www.rsasecurity.com/rsalabs/faq/3-6-4.html">RC5</a>
+ * block cipher.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class RC5ParameterSpec implements AlgorithmParameterSpec
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The IV. */
+ private byte[] iv;
+
+ /** The number of rounds. */
+ private int rounds;
+
+ /** The version number. */
+ private int version;
+
+ /** The word size, in bits. */
+ private int wordSize;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create RC5 parameters without an IV.
+ *
+ * @param version The version number.
+ * @param rounds The number of rounds.
+ * @param wordSize The size of a word, in bits.
+ */
+ public RC5ParameterSpec(int version, int rounds, int wordSize)
+ {
+ this.version = version;
+ this.rounds = rounds;
+ this.wordSize = wordSize;
+ }
+
+ /**
+ * Create RC5 parameters with an IV. The bytes in <code>iv</code> in
+ * the range <code>[0, 2*(wordSize/8)-1]</code> are used.
+ *
+ * @param version The version number.
+ * @param rounds The number of rounds.
+ * @param wordSize The size of a word, in bits.
+ * @param iv The IV data.
+ */
+ public RC5ParameterSpec(int version, int rounds, int wordSize, byte[] iv)
+ {
+ this(version, rounds, wordSize, iv, 0);
+ }
+
+ /**
+ * Create RC5 parameters with an IV. The bytes in <code>iv</code> in
+ * the range <code>[off, off+2*(wordSize/8)-1]</code> are used.
+ *
+ * @param version The version number.
+ * @param rounds The number of rounds.
+ * @param wordSize The size of a word, in bits.
+ * @param iv The IV data.
+ * @param off From where in the array the IV starts.
+ */
+ public
+ RC5ParameterSpec(int version, int rounds, int wordSize, byte[] iv, int off)
+ {
+ this(version, rounds, wordSize);
+ int ivLength = 2 * (wordSize / 8);
+ if (off < 0)
+ throw new IllegalArgumentException();
+ if (iv.length - off < ivLength)
+ {
+ throw new IllegalArgumentException("IV too short");
+ }
+ this.iv = new byte[ivLength];
+ System.arraycopy(iv, off, this.iv, 0, ivLength);
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Return the initializaiton vector, or <code>null</code> if none was
+ * specified.
+ *
+ * @return The IV, or null.
+ */
+ public byte[] getIV()
+ {
+ return iv;
+ }
+
+ /**
+ * Get the number of rounds.
+ *
+ * @return The number of rounds.
+ */
+ public int getRounds()
+ {
+ return rounds;
+ }
+
+ /**
+ * Get the version number.
+ *
+ * @return The version number.
+ */
+ public int getVersion()
+ {
+ return version;
+ }
+
+ /**
+ * Get the word size, in bits.
+ *
+ * @return The word size, in bits.
+ */
+ public int getWordSize()
+ {
+ return wordSize;
+ }
+
+ public boolean equals(Object o)
+ {
+ if (this == o) return true;
+ byte[] oiv = ((RC5ParameterSpec) o).getIV();
+ if (iv != oiv)
+ {
+ if (iv == null || oiv == null) return false;
+ if (iv.length != oiv.length) return false;
+ for (int i = 0; i < iv.length; i++)
+ {
+ if (iv[i] != oiv[i])
+ {
+ return false;
+ }
+ }
+ }
+ return rounds == ((RC5ParameterSpec) o).getRounds()
+ && version == ((RC5ParameterSpec) o).getVersion()
+ && wordSize == ((RC5ParameterSpec) o).getWordSize();
+ }
+
+ public int hashCode()
+ {
+ int code = rounds + version + wordSize;
+ if (iv != null)
+ {
+ for (int i = 0; i < iv.length; i++)
+ {
+ code += iv[i];
+ }
+ }
+ return code;
+ }
+}
--- /dev/null
+/* SecretKeySpec.java -- Wrapper for secret keys.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.security.spec.KeySpec;
+import javax.crypto.SecretKey;
+
+/**
+ * This is a simple wrapper around a raw byte array, for ciphers that do
+ * not require any key parameters other than the bytes themselves.
+ *
+ * <p>Since this class implements {@link javax.crypto.SecretKey}, which
+ * in turn extends {@link java.security.Key}, so instances of this class
+ * may be passed directly to the <code>init()</code> methods of {@link
+ * javax.crypto.Cipher}.
+ *
+ * @see javax.crypto.SecretKey
+ * @see javax.crypto.SecretKeyFactory
+ */
+public class SecretKeySpec implements KeySpec, SecretKey
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ /** Compatible with JDK1.4. */
+ private static final long serialVersionUID = 6577238317307289933L;
+
+ /** The key bytes. */
+ private byte[] key;
+
+ /** The algorithm's name. */
+ private String algorithm;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new secret key spec from an entire byte array.
+ *
+ * @param key The key material.
+ * @param algorithm The name of the algorithm using this key.
+ */
+ public SecretKeySpec(byte[] key, String algorithm)
+ {
+ this(key, 0, key.length, algorithm);
+ }
+
+ /**
+ * Create a new secret key spec from part of a byte array.
+ *
+ * @param key The key material.
+ * @param off The offset at which key material begins.
+ * @param len The length of key material.
+ * @param algorithm The name of the algorithm using this key.
+ */
+ public SecretKeySpec(byte[] key, int off, int len, String algorithm)
+ {
+ this.key = new byte[len];
+ this.algorithm = algorithm;
+ System.arraycopy(key, off, this.key, 0, len);
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Return the name of the algorithm associated with this secret key.
+ *
+ * @return The algorithm's name.
+ */
+ public String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Return the key as a byte array.
+ *
+ * @return The key material.
+ */
+ public byte[] getEncoded()
+ {
+ return key;
+ }
+
+ /**
+ * This key's format, which is always "RAW".
+ *
+ * @return "RAW"
+ */
+ public String getFormat()
+ {
+ return "RAW";
+ }
+
+ public boolean equals(Object o)
+ {
+ byte[] okey = ((SecretKeySpec) o).getEncoded();
+ if (key.length != okey.length) return false;
+ for (int i = 0; i < key.length; i++)
+ {
+ if (key[i] != okey[i])
+ return false;
+ }
+ return algorithm.equals(((SecretKeySpec) o).getAlgorithm());
+ }
+
+ public int hashCode()
+ {
+ int code = 0;
+ for (int i = 0; i < key.length; i++)
+ {
+ code ^= (key[i] & 0xff) << (i << 3 & 31);
+ }
+ return code ^ algorithm.hashCode();
+ }
+}
--- /dev/null
+/* ServerSocketFactory.java -- factory for server sockets.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net;
+
+import java.io.IOException;
+
+import java.net.InetAddress;
+import java.net.ServerSocket;
+
+import java.security.Security;
+
+/**
+ * A factory for server sockets. The purpose of this class is to serve
+ * as the superclass of server socket factories that produce server
+ * sockets of a particular type, such as <i>Secure Socket Layer</i>
+ * (<b>SSL</b>) server sockets.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class ServerSocketFactory
+{
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Default 0-argument constructor.
+ */
+ protected ServerSocketFactory()
+ {
+ super();
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the default server socket factory. The type of factory
+ * returned may depend upon the installation.
+ *
+ * @return The default server socket factory.
+ */
+ public static synchronized ServerSocketFactory getDefault()
+ {
+ try
+ {
+ String s = Security.getProperty("gnu.defaultServerSocketFactory");
+ if (s != null)
+ {
+ Class c = Class.forName(s);
+ return (ServerSocketFactory) c.newInstance();
+ }
+ }
+ catch (Exception e)
+ {
+ }
+ return new VanillaServerSocketFactory();
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create an unbound server socket.
+ *
+ * @return The new server socket.
+ * @throws IOException If a networking error occurs.
+ */
+ public ServerSocket createServerSocket() throws IOException
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * Create a server socket bound to the given port.
+ *
+ * @param port The port to bind the server socket to.
+ * @return A server socket bound to <i>port</i>.
+ * @throws IOException If a networking error occurs.
+ */
+ public abstract ServerSocket createServerSocket(int port) throws IOException;
+
+ public abstract ServerSocket createServerSocket(int port, int backlog) throws IOException;
+
+ public abstract ServerSocket createServerSocket(int port, int backlog, InetAddress bindAddress) throws IOException;
+}
--- /dev/null
+/* SocketFactory.java -- factory for client sockets.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net;
+
+import java.io.IOException;
+
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+import java.security.Security;
+
+/**
+ * A factory for client sockets. The purpose of this class is to serve
+ * as the superclass of server socket factories that produce client
+ * sockets of a particular type, such as <i>Secure Socket Layer</i>
+ * (<b>SSL</b>) sockets.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class SocketFactory
+{
+
+ // Constructor.
+ // -------------------------------------------------------------------
+
+ /**
+ * Default 0-arguments constructor.
+ */
+ protected SocketFactory()
+ {
+ super();
+ }
+
+ // Class methods.
+ // -------------------------------------------------------------------
+
+ /**
+ * Returns the default socket factory. The type of factory
+ * returned may depend upon the installation.
+ *
+ * @return The default socket factory.
+ */
+ public static synchronized SocketFactory getDefault()
+ {
+ try
+ {
+ String s = Security.getProperty("gnu.defaultSocketFactory");
+ if (s != null)
+ {
+ Class c = Class.forName(s);
+ return (SocketFactory) c.newInstance();
+ }
+ }
+ catch (Exception e)
+ {
+ }
+ return new VanillaSocketFactory();
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------
+
+ /**
+ * Returns an unbound client socket.
+ *
+ * @return The new, unbound socket.
+ */
+ public Socket createSocket() throws IOException
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * Creates a socket connected to a given host on a given port.
+ *
+ * @param host The hostname to connect to.
+ * @param port The port on <i>host</i> to connect to.
+ * @return A socket connected to <i>host</i> on <i>port</i>.
+ * @throws IOException If a network error occurs.
+ * @throws UnknownHostException If <i>host</i> cannot be resolved.
+ */
+ public abstract Socket createSocket(String host, int port) throws IOException, UnknownHostException;
+
+ /**
+ * Creates a socket connected to a given host on a given port,
+ * connecting locally to the interface with the given address and port.
+ *
+ * @param host The hostname to connect to.
+ * @param port The port on <i>host</i> to connect to.
+ * @param localHost The address of the local interface to bind to.
+ * @param localPort The local port to bind to.
+ * @return A socket connected to <i>host</i> on <i>port</i>.
+ * @throws IOException If a network error occurs.
+ * @throws UnknownHostException If <i>host</i> cannot be resolved.
+ */
+ public abstract Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException;
+
+ /**
+ * Creates a socket connected to a given host on a given port.
+ *
+ * @param host The host address to connect to.
+ * @param port The port on <i>host</i> to connect to.
+ * @return A socket connected to <i>host</i> on <i>port</i>.
+ * @throws IOException If a network error occurs.
+ */
+ public abstract Socket createSocket(InetAddress host, int port) throws IOException;
+
+ /**
+ * Creates a socket connected to a given host on a given port,
+ * connecting locally to the interface with the given address and port.
+ *
+ * @param host The host address to connect to.
+ * @param port The port on <i>host</i> to connect to.
+ * @param localHost The address of the local interface to bind to.
+ * @param localPort The local port to bind to.
+ * @return A socket connected to <i>host</i> on <i>port</i>.
+ * @throws IOException If a network error occurs.
+ */
+ public abstract Socket createSocket(InetAddress hast, int port, InetAddress localHost, int localPort) throws IOException;
+}
--- /dev/null
+/* VanillaServerSocketFactory.java -- trivial socket factory.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net;
+
+import java.io.IOException;
+
+import java.net.InetAddress;
+import java.net.ServerSocket;
+
+/**
+ * A trivial server socket factory.
+ */
+class VanillaServerSocketFactory extends ServerSocketFactory
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ VanillaServerSocketFactory()
+ {
+ super();
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------
+
+ public ServerSocket createServerSocket() throws IOException
+ {
+ return new ServerSocket();
+ }
+
+ public ServerSocket createServerSocket(int port) throws IOException
+ {
+ return new ServerSocket(port);
+ }
+
+ public ServerSocket createServerSocket(int port, int backlog) throws IOException
+ {
+ return new ServerSocket(port, backlog);
+ }
+
+ public ServerSocket createServerSocket(int port, int backlog, InetAddress bindAddress) throws IOException
+ {
+ return new ServerSocket(port, backlog, bindAddress);
+ }
+}
--- /dev/null
+/* VanillaSocketFactory.java -- trivial socket factory.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net;
+
+import java.io.IOException;
+
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+/**
+ * A trivial client socket factory.
+ */
+class VanillaSocketFactory extends SocketFactory
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ VanillaSocketFactory()
+ {
+ super();
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------
+
+ public Socket createSocket() throws IOException
+ {
+ return new Socket();
+ }
+
+ public Socket createSocket(String host, int port) throws IOException, UnknownHostException
+ {
+ return new Socket(host, port);
+ }
+
+ public Socket createSocket(String host, int port, InetAddress localAddr, int localPort) throws IOException, UnknownHostException
+ {
+ return new Socket(host, port, localAddr, localPort);
+ }
+
+ public Socket createSocket(InetAddress address, int port) throws IOException
+ {
+ return new Socket(address, port);
+ }
+
+ public Socket createSocket(InetAddress address, int port, InetAddress localAddr, int localPort) throws IOException
+ {
+ return new Socket(address, port, localAddr, localPort);
+ }
+}
--- /dev/null
+/* HandshakeCompletedEvent.java -- SSL handshake completed.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.cert.Certificate;
+import javax.security.cert.X509Certificate;
+
+/**
+ * An event raised by a SSLSocket and passed to the {@link
+ * HandshakeCompletedListener#handshakeCompleted(HandshakeCompletedEvent)}
+ * method of all registered listeners when a SSL handshake in a SSL
+ * protocol is completed.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class HandshakeCompletedEvent extends java.util.EventObject
+{
+
+ // Fields.
+ // -------------------------------------------------------------------
+
+ /** Serialization constant. */
+ private static final long serialVersionUID = 7914963744257769778L;
+
+ /** The session. */
+ private transient final SSLSession session;
+
+ // Constructor.
+ // -------------------------------------------------------------------
+
+ /**
+ * Creates a new handshake completed event.
+ *
+ * @param socket The socket (also the source) creating this event.
+ * @param session The associated session object.
+ * @throws NullPointerException If <i>session</i> is null.
+ */
+ public HandshakeCompletedEvent(SSLSocket socket, SSLSession session)
+ {
+ super(socket);
+ if (session == null)
+ throw new NullPointerException();
+ this.session = session;
+ }
+
+ // Instance methods.
+ // --------------------------------------------------------------------
+
+ /**
+ * Returns the name of the cipher that was negotiated in this
+ * connection.
+ *
+ * @return The negotiated cipher name.
+ */
+ public String getCipherSuite()
+ {
+ if (session != null)
+ return session.getCipherSuite();
+ return null;
+ }
+
+ /**
+ * Returns the local certificates being used in this connection.
+ *
+ * @return The local certificates.
+ */
+ public Certificate[] getLocalCertificates()
+ {
+ if (session != null)
+ return session.getLocalCertificates();
+ return null;
+ }
+
+ /**
+ * Returns the peer's certificates being used in this connection.
+ *
+ * @return The peer's certificates.
+ * @throws SSLPeerUnverifiedException If the peer has not been
+ * verified.
+ */
+ public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException
+ {
+ if (session != null)
+ return session.getPeerCertificates();
+ return null;
+ }
+
+ public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException
+ {
+ if (session != null)
+ return session.getPeerCertificateChain();
+ return null;
+ }
+
+ /**
+ * Returns the SSL session object associated with this connection.
+ *
+ * @return The session object.
+ */
+ public SSLSession getSession()
+ {
+ return session;
+ }
+
+ /**
+ * Returns the socket over which this connection is being
+ * negotiated. This method is equivalent to the {@link
+ * java.util.EventObject#getSource()} method.
+ *
+ * @return The socket.
+ */
+ public SSLSocket getSocket()
+ {
+ return (SSLSocket) getSource();
+ }
+}
--- /dev/null
+/* HandshakeCompletedListener.java -- listens for handshake events.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An event listener that waits to be notified of {@link
+ * HandshakeCompletedEvent} objects created when handshake phase of
+ * the SSL protocol is completed for a particular connection.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface HandshakeCompletedListener extends java.util.EventListener
+{
+
+ /**
+ * Called when the handshake phase of the SSL protocol completes.
+ *
+ * @param event The event describing the new connection.
+ */
+ void handshakeCompleted(HandshakeCompletedEvent event);
+}
--- /dev/null
+/* HostnameVerifier.java -- verifies disparate hostnames.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * The interface for classes that perform hostname verification for cases
+ * when the hostname used to begin the connection (such as in a URL)
+ * does not match the hostname used in the SSL handshake.
+ * Implementations of this interface should provide an implementation
+ * of the {@link #verify(java.lang.String,javax.net.ssl.SSLSession)}
+ * method that accepts or rejects hostnames as appropriate.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface HostnameVerifier
+{
+
+ /**
+ * Verifies a hostname given a particular SSL session. This method
+ * should return <code>true</code> if the hostname is an accepted
+ * alias for the hostname negotiated in the SSL handshake.
+ *
+ * @param hostname The hostname in question.
+ * @param session The current SSL session.
+ * @return <code>true</code> if the hostname is acceptable.
+ */
+ boolean verify(String hostname, SSLSession session);
+}
--- /dev/null
+/* HttpsURLConnection.java -- an HTTPS connection.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.security.cert.Certificate;
+
+/**
+ * A URL connection that connects via the <i>Secure Socket Layer</i>
+ * (<b>SSL</b>) for HTTPS connections.
+ *
+ * <p>This class may be used in the same way as {@link
+ * HttpURLConnection}, and it will transparently negotiate the SSL
+ * connection.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class HttpsURLConnection extends HttpURLConnection
+{
+
+ // Fields.
+ // ------------------------------------------------------------------
+
+ /** The default verifier. */
+ private static HostnameVerifier defaultVerifier;
+
+ /** The default factory. */
+ private static SSLSocketFactory defaultFactory;
+
+ /**
+ * The hostname verifier used for this connection.
+ */
+ protected HostnameVerifier hostnameVerifier;
+
+ /**
+ * This connection's socket factory.
+ */
+ private SSLSocketFactory factory;
+
+ // Static initializer.
+ // ------------------------------------------------------------------
+
+ static {
+ defaultVerifier = new TrivialHostnameVerifier();
+ try
+ {
+ defaultFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ }
+ }
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ /**
+ * Creates a new HTTPS URL connection.
+ *
+ * @param url The URL of the connection being established.
+ * @throws IOException If the connection cannot be established.
+ */
+ protected HttpsURLConnection(URL url) throws IOException
+ {
+ super(url);
+ hostnameVerifier = defaultVerifier;
+ factory = defaultFactory;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Returns the default hostname verifier used in all new
+ * connections.
+ *
+ * @return The default hostname verifier.
+ */
+ public static HostnameVerifier getDefaultHostnameVerifier()
+ {
+ return defaultVerifier;
+ }
+
+ /**
+ * Sets the default hostname verifier to be used in all new
+ * connections.
+ *
+ * @param newDefault The new default hostname verifier.
+ * @throws IllegalArgumentException If <i>newDefault</i> is null.
+ * @throws SecurityException If there is a security manager
+ * currently installed and the caller does not have the {@link
+ * SSLPermission} "setHostnameVerifier".
+ */
+ public static void setDefaultHostnameVerifier(HostnameVerifier newDefault)
+ {
+ if (newDefault == null)
+ throw new IllegalArgumentException("default verifier cannot be null");
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(new SSLPermission("setHostnameVerifier"));
+ defaultVerifier = newDefault;
+ }
+
+ /**
+ * Returns the default SSL socket factory used in all new
+ * connections.
+ *
+ * @return The default SSL socket factory.
+ */
+ public static SSLSocketFactory getDefaultSSLSocketFactory()
+ {
+ return defaultFactory;
+ }
+
+ /**
+ * Sets the default SSL socket factory to be used in all new
+ * connections.
+ *
+ * @param newDefault The new socket factory.
+ * @throws IllegalArgumentException If <i>newDefault</i> is null.
+ * @throws SecurityException If there is a security manager
+ * installed and a call to {@link
+ * SecurityManager#checkSetFactory()} fails.
+ */
+ public static void setDefaultSSLSocketFactory(SSLSocketFactory newDefault)
+ {
+ if (newDefault == null)
+ throw new IllegalArgumentException("default factory cannot be null");
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkSetFactory();
+ defaultFactory = newDefault;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Returns the current hostname verifier for this instance.
+ *
+ * @return The hostname verifier.
+ */
+ public HostnameVerifier getHostnameVerifier()
+ {
+ return hostnameVerifier;
+ }
+
+ /**
+ * Sets the hostname verifier for this instance.
+ *
+ * @param hostnameVerifier The new verifier.
+ * @throws IllegalArgumentException If <i>hostnameVerifier</i> is
+ * null.
+ */
+ public void setHostnameVerifier(HostnameVerifier hostnameVerifier)
+ {
+ if (hostnameVerifier == null)
+ throw new IllegalArgumentException("verifier cannot be null");
+ this.hostnameVerifier = hostnameVerifier;
+ }
+
+ /**
+ * Returns the current SSL socket factory for this instance.
+ *
+ * @return The current SSL socket factory.
+ */
+ public SSLSocketFactory getSSLSocketFactory()
+ {
+ return factory;
+ }
+
+ /**
+ * Sets the SSL socket factory for this instance.
+ *
+ * @param factory The new factory.
+ * @throws IllegalArgumentException If <i>factory</i> is null.
+ */
+ public void setSSLSocketFactory(SSLSocketFactory factory)
+ {
+ if (factory == null)
+ throw new IllegalArgumentException("factory cannot be null");
+ this.factory = factory;
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------
+
+ /**
+ * Returns the cipher name negotiated for this connection.
+ *
+ * @return The cipher name.
+ * @throws IllegalStateException If the connection has not yet been
+ * established.
+ */
+ public abstract String getCipherSuite();
+
+ /**
+ * Returns the certificates used on the local side in this
+ * connection.
+ *
+ * @return The local certificates.
+ * @throws IllegalStateException If the connection has not yet been
+ * established.
+ */
+ public abstract Certificate[] getLocalCertificates();
+
+ /**
+ * Returns the certificates sent by the other party.
+ *
+ * @return The peer's certificates.
+ * @throws IllegalStateException If the connection has not yet been
+ * established.
+ * @throws SSLPeerUnverifiedException If the peer could not be
+ * verified.
+ */
+ public abstract Certificate[] getServerCertificates() throws SSLPeerUnverifiedException;
+}
--- /dev/null
+/* KeyManager.java -- marker interface for key manager classes.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A marker interface for objects that serve as key managers in SSL
+ * communications. Key managers typically keep track of the public
+ * certificates and private keys when authenticating the local host to
+ * remote host, and thus is typically used in SSL servers.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface KeyManager
+{
+}
--- /dev/null
+/* KeyManagerFactory.java -- factory for key managers.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.AccessController;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivilegedAction;
+import java.security.Provider;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+
+import gnu.java.security.Engine;
+
+/**
+ * A class that creates key manager implementations based on a
+ * requested algorithm.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class KeyManagerFactory
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------
+
+ /** The service name for key manager factories. */
+ private static final String KEY_MANAGER_FACTORY = "KeyManagerFactory";
+
+ /** The system default trust manager algorithm. */
+ private static final String DEFAULT_ALGORITHM = "JessieX509";
+
+ /** The underlying engine. */
+ private final KeyManagerFactorySpi kmfSpi;
+
+ /** The provider of this implementation. */
+ private final Provider provider;
+
+ /** The name of this algorithm. */
+ private final String algorithm;
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ /**
+ * Create a new key manager factory.
+ *
+ * @param kmfSpi The underlying engine.
+ * @param provider The engine's provider.
+ * @param algorithm The name of this algorithm.
+ */
+ protected KeyManagerFactory(KeyManagerFactorySpi kmfSpi,
+ Provider provider, String algorithm)
+ {
+ this.kmfSpi = kmfSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Get the default algorithm name. This value may be specified at
+ * run-time via the security property
+ * "ssl.KeyManagerFactory.algorithm". If this property is
+ * not specified, this method returns "JessieX509".
+ *
+ * @return The default key manager factory algorithm's name.
+ */
+ public static final String getDefaultAlgorithm()
+ {
+ String alg = null;
+ try
+ {
+ alg = (String) AccessController.doPrivileged(
+ new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return Security.getProperty("ssl.KeyManagerFactory.algorithm");
+ }
+ }
+ );
+ }
+ catch (SecurityException se)
+ {
+ }
+ if (alg == null)
+ alg = DEFAULT_ALGORITHM;
+ return alg;
+ }
+
+ /**
+ * Get an instance of the named key manager factory, from the first
+ * provider that implements it.
+ *
+ * @param algorithm The type of key manager factory to get.
+ * @return An appropriate implementation of that algoritm.
+ * @throws NoSuchAlgorithmException If no provider implements the
+ * requested algorithm.
+ */
+ public static final KeyManagerFactory getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] provs = Security.getProviders();
+ for (int i = 0; i < provs.length; i++)
+ {
+ try
+ {
+ return getInstance(algorithm, provs[i]);
+ }
+ catch (NoSuchAlgorithmException ignore)
+ {
+ }
+ }
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Get an instance of the named key manager factory, from the named
+ * provider.
+ *
+ * @param algorithm The type of key manager factory to get.
+ * @param provider The name of the provider to get the
+ * implementation from.
+ * @return An appropriate implementation of that algorithm.
+ * @throws NoSuchAlgorithmException If the provider does not
+ * implement the requested algorithm.
+ * @throws NoSuchProviderException If the named provider does not
+ * exist.
+ */
+ public static final KeyManagerFactory getInstance(String algorithm, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider is null");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Get an instance of the named key manager factory, from the given
+ * provider.
+ *
+ * @param algorithm The type of key manager factory to get.
+ * @param provider The provider to get the implementation from.
+ * @return An appropriate implementation of that algorithm.
+ * @throws NoSuchAlgorithmException If the provider does not
+ * implement the requested algorithm.
+ * @throws IllegalArgumentException If <i>provider</i> is null.
+ */
+ public static final KeyManagerFactory getInstance(String algorithm, Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider is null");
+ try
+ {
+ return new KeyManagerFactory((KeyManagerFactorySpi)
+ Engine.getInstance(KEY_MANAGER_FACTORY, algorithm, provider),
+ provider, algorithm);
+ }
+ catch (InvocationTargetException ite)
+ {
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ catch (ClassCastException cce)
+ {
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------
+
+ /**
+ * Returns the name of this key manager factory algorithm.
+ *
+ * @return The name of this key manager factory algorithm.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Get an array of key managers appropriate for this algorithm, with
+ * the most preferred manager first.
+ *
+ * @return The array of key managers.
+ */
+ public final KeyManager[] getKeyManagers()
+ {
+ return kmfSpi.engineGetKeyManagers();
+ }
+
+ /**
+ * Returns the provider of this implementation.
+ *
+ * @return The provider of this implementation.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Initialize this instance with an implementation-dependent
+ * parameter object.
+ *
+ * @param params The parameters to initialize with.
+ * @throws InvalidAlgorithmParameterException If the specified
+ * parameters are inappropriate.
+ */
+ public final void init(ManagerFactoryParameters params)
+ throws InvalidAlgorithmParameterException
+ {
+ kmfSpi.engineInit(params);
+ }
+
+ /**
+ * Initialize this instance with a key store and a password for
+ * private key entries.
+ *
+ * @param store The key store to read.
+ * @param passwd The password protecting private keys in the store.
+ * @throws KeyStoreException If an error occurs reading the keys.
+ * @throws NoSuchAlgorithmException If an algorithm (such as a
+ * certificate algorithm) is not available.
+ * @throws UnrecoverableKeyException If the password is incorrect.
+ */
+ public final void init(KeyStore store, char[] passwd)
+ throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException
+ {
+ kmfSpi.engineInit(store, passwd);
+ }
+}
--- /dev/null
+/* KeyManagerFactorySpi.java -- SPI for key manager factories.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+
+/**
+ * The <i>Service Provider Interface</i> (<b>SPI</b>) for key manager
+ * factories.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class KeyManagerFactorySpi
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ public KeyManagerFactorySpi()
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Engine method for retrieving this factory's key managers.
+ *
+ * @return The key managers.
+ */
+ protected abstract KeyManager[] engineGetKeyManagers();
+
+ /**
+ * Engine method for initializing this factory with some
+ * algorithm-specific parameters.
+ *
+ * @param params The factory parameters.
+ * @throws InvalidAlgorithmParameterException If the supplied parameters
+ * are inappropriate for this instance.
+ */
+ protected abstract void engineInit(ManagerFactoryParameters params)
+ throws InvalidAlgorithmParameterException;
+
+ /**
+ * Engine method for initializing this factory with a key store and a
+ * password for private keys. Either parameter may be <code>null</code>,
+ * in which case some default parameters (possibly derived from system
+ * properties) should be used.
+ *
+ * @param store The key store.
+ * @param passwd The private key password.
+ * @throws KeyStoreException If the key store cannot be accessed.
+ * @throws NoSuchAlgorithmException If some of the data from the key
+ * store cannot be retrieved.
+ * @throws UnrecoverableKeyException If a private key cannot be retrieved,
+ * likely from a wrong password.
+ */
+ protected abstract void engineInit(KeyStore store, char[] passwd)
+ throws KeyStoreException, NoSuchAlgorithmException,
+ UnrecoverableKeyException;
+}
--- /dev/null
+/* ManagerFactoryParameters.java -- marker interface for manager parameters.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A marker interface for classes that serve as key or trust manager
+ * parameters, used to initialize instances of {@link
+ * KeyManagerFactory} or {@link TrustManagerFactory}.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface ManagerFactoryParameters
+{
+}
--- /dev/null
+/* SSLContext.java -- an SSL protocol context.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Security;
+
+import gnu.java.security.Engine;
+
+/**
+ * A "meta-factory" for protocol-specific socket and server socket
+ * factories. This class serves as a clearinghouse for socket
+ * factories and cached session contexts for a particular protocol,
+ * such as SSLv3.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class SSLContext
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------
+
+ /** Service name for SSL contexts. */
+ private static final String SSL_CONTEXT = "SSLContext";
+
+ /** The underlying engine. */
+ private final SSLContextSpi ctxSpi;
+
+ /** The provider of the engine class. */
+ private final Provider provider;
+
+ /** The protocal name. */
+ private final String protocol;
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ /**
+ * Create a new SSL context.
+ *
+ * @param ctxSpi The context engine.
+ * @param provider The provider of the implementation.
+ * @param protocol The name of the SSL protocol.
+ */
+ protected SSLContext(SSLContextSpi ctxSpi, Provider provider,
+ String protocol)
+ {
+ this.ctxSpi = ctxSpi;
+ this.provider = provider;
+ this.protocol = protocol;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Get an instance of a context for the specified protocol from the
+ * first provider that implements it.
+ *
+ * @param protocol The name of the protocol to get a context for.
+ * @return The new context.
+ * @throws NoSuchAlgorithm If no provider implements the given
+ * protocol.
+ */
+ public static final SSLContext getInstance(String protocol)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] provs = Security.getProviders();
+ for (int i = 0; i < provs.length; i++)
+ {
+ try
+ {
+ return getInstance(protocol, provs[i]);
+ }
+ catch (NoSuchAlgorithmException ignore)
+ {
+ }
+ }
+ throw new NoSuchAlgorithmException(protocol);
+ }
+
+ /**
+ * Get an instance of a context for the specified protocol from the
+ * named provider.
+ *
+ * @param protocol The name of the protocol to get a context for.
+ * @param provider The name of the provider to get the
+ * implementation from.
+ * @return The new context.
+ * @throws NoSuchAlgorithmException If the provider does not
+ * implement the given protocol.
+ * @throws NoSuchProviderException If the named provider does not
+ * exist.
+ * @throws IllegalArgumentException If <i>provider</i> is null.
+ */
+ public static final SSLContext getInstance(String protocol,
+ String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ {
+ throw new IllegalArgumentException();
+ }
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ {
+ throw new NoSuchProviderException(provider);
+ }
+ return getInstance(protocol, p);
+ }
+
+ /**
+ * Get an instance of a context for the specified protocol from the
+ * specified provider.
+ *
+ * @param protocol The name of the protocol to get a context for.
+ * @param provider The name of the provider to get the
+ * implementation from.
+ * @return The new context.
+ * @throws NoSuchAlgorithmException If the provider does not
+ * implement the given protocol.
+ * @throws IllegalArgumentException If <i>provider</i> is null.
+ */
+ public static final SSLContext getInstance(String protocol,
+ Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ try
+ {
+ return new SSLContext((SSLContextSpi)
+ Engine.getInstance(SSL_CONTEXT, protocol, provider),
+ provider, protocol);
+ }
+ catch (InvocationTargetException ite)
+ {
+ ite.printStackTrace();
+ throw new NoSuchAlgorithmException();
+ }
+ catch (ClassCastException cce)
+ {
+ cce.printStackTrace();
+ throw new NoSuchAlgorithmException();
+ }
+ }
+
+ // Instance methods.
+ // -----------------------------------------------------------------
+
+ /**
+ * Returns the set of SSL contexts available for client connections.
+ *
+ * @return The set of SSL contexts available for client connections.
+ */
+ public final SSLSessionContext getClientSessionContext()
+ {
+ return ctxSpi.engineGetClientSessionContext();
+ }
+
+ /**
+ * Returns the protocol name of this context.
+ *
+ * @return The protocol name of this context.
+ */
+ public final String getProtocol()
+ {
+ return protocol;
+ }
+
+ /**
+ * Returns the provider of this implementation.
+ *
+ * @return The provider of this implementation.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Returns the set of SSL contexts available for server connections.
+ *
+ * @return The set of SSL contexts available for server connections.
+ */
+ public final SSLSessionContext getServerSessionContext()
+ {
+ return ctxSpi.engineGetServerSessionContext();
+ }
+
+ /**
+ * Returns the factory for server SSL sockets.
+ *
+ * @return The factory for server SSL sockets.
+ */
+ public final SSLServerSocketFactory getServerSocketFactory()
+ {
+ return ctxSpi.engineGetServerSocketFactory();
+ }
+
+ /**
+ * Returns the factory for client SSL sockets.
+ *
+ * @return The factory for client SSL sockets.
+ */
+ public final SSLSocketFactory getSocketFactory()
+ {
+ return ctxSpi.engineGetSocketFactory();
+ }
+
+ /**
+ * Initializes this context and prepares it for producing socket
+ * factories. All of the parameters are optional; default values are
+ * used if left unspecified.
+ *
+ * @param keyManagers The set of key managers to use.
+ * @param trustManagers The set of trust managers to use.
+ * @param random A source of random bits to use.
+ * @throws KeyManagementException If initialization fails.
+ */
+ public final void init(KeyManager[] keyManagers,
+ TrustManager[] trustManagers,
+ SecureRandom random)
+ throws KeyManagementException
+ {
+ ctxSpi.engineInit(keyManagers, trustManagers, random);
+ }
+}
--- /dev/null
+/* SSLContextSpi.java -- SPI for SSL contexts.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.KeyManagementException;
+import java.security.SecureRandom;
+
+/**
+ * The <i>Service Provider Interface</i> (<b>SPI</b>) for SSLContext
+ * objects.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class SSLContextSpi
+{
+
+ // Constructor.
+ // -------------------------------------------------------------------
+
+ /**
+ * Create a new SSLContextSpi.
+ */
+ public SSLContextSpi()
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------
+
+ /**
+ * Returns the set of SSL sessions available for client connections.
+ *
+ * @return The set of SSL sessions available for client connections.
+ */
+ protected abstract SSLSessionContext engineGetClientSessionContext();
+
+ /**
+ * Returns the set of SSL sessions available for server connections.
+ *
+ * @return The set of SSL sessions available for server connections.
+ */
+ protected abstract SSLSessionContext engineGetServerSessionContext();
+
+ /**
+ * Returns the SSL server socket factory.
+ *
+ * @return The SSL server socket factory.
+ */
+ protected abstract SSLServerSocketFactory engineGetServerSocketFactory();
+
+ /**
+ * Returns the SSL client socket factory.
+ *
+ * @return The SSL client socket factory.
+ */
+ protected abstract SSLSocketFactory engineGetSocketFactory();
+
+ /**
+ * Initialize this context with key and trust managers, and a source
+ * of randomness. All of the parameters are optional.
+ *
+ * @param keyManagers The set of key managers.
+ * @param trustManagers The set of trust managers.
+ * @param random The source of randomness.
+ * @throws KeyManagementException If this context cannot be
+ * initialized with these parameters.
+ */
+ protected abstract void engineInit(KeyManager[] keyManagers,
+ TrustManager[] trustManagers,
+ SecureRandom random)
+ throws KeyManagementException;
+}
--- /dev/null
+/* SSLException.java -- generic SSL exception.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+
+/**
+ * The superclass of all possible SSL exceptions. Usually, a specific
+ * exception is thrown instead of this exception.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class SSLException extends IOException
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ public SSLException(String message)
+ {
+ super(message);
+ }
+}
--- /dev/null
+/* SSLHandshakeException.java -- exception in SSL handshake.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception that signals an error in the SSL handshake phase.
+ */
+public class SSLHandshakeException extends SSLException
+{
+
+ public SSLHandshakeException(String message)
+ {
+ super(message);
+ }
+}
--- /dev/null
+/* SSLKeyException.java -- exception in using a key in SSL.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception signaling a problem using a public or private key in
+ * an SSL communication.
+ */
+public class SSLKeyException extends SSLException
+{
+
+ public SSLKeyException(String message)
+ {
+ super(message);
+ }
+}
--- /dev/null
+/* SSLPeerUnverifiedException.java -- unverified peer exception.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception thrown when the remote peer could not be verified.
+ */
+public class SSLPeerUnverifiedException extends SSLException
+{
+
+ public SSLPeerUnverifiedException(String message)
+ {
+ super(message);
+ }
+}
--- /dev/null
+/* SSLPermission.java -- SSL permission class.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.BasicPermission;
+
+/**
+ * A permission used for accessing SSL classes.
+ */
+public class SSLPermission extends BasicPermission
+{
+
+ // Constant.
+ // -------------------------------------------------------------------------
+
+ private static final long serialVersionUID = -3456898025505876775L;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ public SSLPermission(String name)
+ {
+ super(name);
+ }
+
+ public SSLPermission(String name, String actions)
+ {
+ super(name, actions);
+ }
+}
--- /dev/null
+/* SSLProtocolException.java -- exception in SSL protocol.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception thrown when a fatal protocol error is encountered. This
+ * exception usually indicates some serious problem with the local or
+ * remote SSL implementation.
+ */
+public class SSLProtocolException extends SSLException
+{
+
+ public SSLProtocolException(String message)
+ {
+ super(message);
+ }
+}
--- /dev/null
+// THIS IS A GENERATED FILE. DO NOT EDIT. -*- buffer-read-only: t -*-
+/* SSLServerSocket.java -- a server socket for SSL connections.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+
+import java.net.InetAddress;
+import java.net.ServerSocket;
+
+/**
+ * A server socket that allows clients to connect via the SSL protocol.
+ */
+public abstract class SSLServerSocket extends ServerSocket
+{
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ protected SSLServerSocket() throws IOException
+ {
+ super();
+ //super(0);
+ //throw new UnsupportedOperationException("1.4 socket methods not enabled");
+ }
+
+ protected SSLServerSocket(int port) throws IOException
+ {
+ super(port);
+ }
+
+ protected SSLServerSocket(int port, int backlog) throws IOException
+ {
+ super(port, backlog);
+ }
+
+ protected SSLServerSocket(int port, int backlog, InetAddress bindAddress)
+ throws IOException
+ {
+ super(port, backlog, bindAddress);
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns the list of cihper suites that are currently enabled in this
+ * server socket. Sockets accepted by this server socket will only have
+ * these suites enabled.
+ *
+ * @return The enabled cipher suites.
+ */
+ public abstract String[] getEnabledCipherSuites();
+
+ /**
+ * Sets the list enabled cipher suites.
+ *
+ * @param suites The cipher suites to enable.
+ */
+ public abstract void setEnabledCipherSuites(String[] suites);
+
+ /**
+ * Returns the list of enabled protocols, such as "SSLv3" and "TLSv1".
+ *
+ * @return The enabled protocols.
+ */
+ public abstract String[] getEnabledProtocols();
+
+ /**
+ * Sets the list of enabled protocols.
+ *
+ * @param protocols The list of protocols to enable.
+ */
+ public abstract void setEnabledProtocols(String[] protocols);
+
+ /**
+ * Returns whether or not sessions will be created, i.e., whether or not
+ * this server socket will allow SSL session resumption.
+ *
+ * @return True if sessions will be created.
+ */
+ public abstract boolean getEnableSessionCreation();
+
+ /**
+ * Sets whether or not sessions will be created.
+ *
+ * @param enabled The new enabled value.
+ */
+ public abstract void setEnableSessionCreation(boolean enabled);
+
+ /**
+ * Returns whether or not this server socket will require clients to
+ * authenticate themselves, such as through a certificate.
+ *
+ * @return True if clients must authenticate themselves.
+ */
+ public abstract boolean getNeedClientAuth();
+
+ /**
+ * Enabled or disables the requirement that clients authenticate themselves.
+ * When this is set to <code>true</code>, connections will be rejected if
+ * connecting clients do not provide proper authentication.
+ *
+ * @param needAuth The new need auth value.
+ */
+ public abstract void setNeedClientAuth(boolean needAuth);
+
+ /**
+ * Returns whether or not sockets accepted by this server socket will do
+ * their handshake as the client-side. The default is false.
+ *
+ * @return True if client mode will be used.
+ */
+ public abstract boolean getUseClientMode();
+
+ /**
+ * Sets whether or not sockets accepted by this server socket will be
+ * created in client mode.
+ *
+ * @param clientMode The new client mode value.
+ */
+ public abstract void setUseClientMode(boolean clientMode);
+
+ /**
+ * Returns whether or not this socket will ask for, but not require, that
+ * connecting clients authenticate themselves. Clients that do not
+ * provide authentication they will still be allowed to connect.
+ *
+ * @return True if this server socket wants client authentication.
+ */
+ public abstract boolean getWantClientAuth();
+
+ /**
+ * Sets whether or not this server socket will want client authentication.
+ *
+ * @param wantAuth The new want auth value.
+ */
+ public abstract void setWantClientAuth(boolean wantAuth);
+
+ /**
+ * Returns a list of cipher suites that this server socket supports.
+ *
+ * @return The list of supported suites.
+ */
+ public abstract String[] getSupportedCipherSuites();
+
+ /**
+ * Returns a list of SSL protocols supported by this server socket.
+ *
+ * @return The list of supported protocols.
+ */
+ public abstract String[] getSupportedProtocols();
+}
--- /dev/null
+/* SSLServerSocketFactory.java -- factory for SSL server sockets.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.KeyStore;
+import java.security.Security;
+import javax.net.ServerSocketFactory;
+
+/**
+ * A server socket factory for <i>Secure Socket Layer</i> (<b>SSL</b>)
+ * server sockets.
+ */
+public abstract class SSLServerSocketFactory extends ServerSocketFactory
+{
+
+ // Field.
+ // -------------------------------------------------------------------------
+
+ private static SSLContext context;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ protected SSLServerSocketFactory()
+ {
+ super();
+ }
+
+ // Class methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns a default implementation of a SSL server socket factory.
+ *
+ * <p>To control the class that gets returned by this method, set the
+ * security property "ssl.ServerSocketFactory.provider" to the class
+ * name of a concrete implementation of this class. If not set, a
+ * system-dependent implementation will be used.</p>
+ *
+ * <p>The implementation returned is created by the first implementation
+ * of the {@link SSLContext} class found, which is initialized with
+ * default parameters. To control the key and trust manager factory
+ * algorithms used as defaults, set the security properties
+ * "ssl.keyManagerFactory.algorithm" and "ssl.trustManagerFactory.algorithm"
+ * to the appropriate names.</p>
+ *
+ * <p>Using this method is not recommended. Instead, use the methods of
+ * {@link SSLContext}, which provide much better control over the
+ * creation of server socket factories.</p>
+ *
+ * @return The default server socket factory.
+ * @throws RuntimeException If no default can be created.
+ */
+ public static synchronized ServerSocketFactory getDefault()
+ {
+ try
+ {
+ String s = Security.getProperty("ssl.ServerSocketFactory.provider");
+ ClassLoader cl = ClassLoader.getSystemClassLoader();
+ if (s != null && cl != null)
+ {
+ return (ServerSocketFactory) cl.loadClass(s).newInstance();
+ }
+ }
+ catch (Exception e)
+ {
+ }
+ if (context == null)
+ {
+ KeyManager[] km = null;
+ TrustManager[] tm = null;
+
+ // 1. Determine which algorithms to use for the key and trust
+ // manager factories.
+ String kmAlg = KeyManagerFactory.getDefaultAlgorithm();
+ String tmAlg = TrustManagerFactory.getDefaultAlgorithm();
+ // 2. Try to initialize the factories with default parameters.
+ try
+ {
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(kmAlg);
+ kmf.init(null, null);
+ km = kmf.getKeyManagers();
+ }
+ catch (Exception ex)
+ {
+ }
+ try
+ {
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlg);
+ tmf.init((KeyStore) null);
+ tm = tmf.getTrustManagers();
+ }
+ catch (Exception ex)
+ {
+ }
+
+ // 3. Create and initialize a context.
+ try
+ {
+ context = SSLContext.getInstance("SSLv3");
+ context.init(km, tm, null);
+ }
+ catch (Exception ex)
+ {
+ throw new RuntimeException("error instantiating default server socket factory: "
+ + ex.toString());
+ }
+ }
+ try
+ {
+ return context.getServerSocketFactory();
+ }
+ catch (Exception e)
+ {
+ }
+ throw new RuntimeException("no SSLSocketFactory implementation available");
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns the list of cipher suites that will be enabled in server sockets
+ * created by this factory.
+ *
+ * @return The default cipher suites.
+ */
+ public abstract String[] getDefaultCipherSuites();
+
+ /**
+ * Returns the list of all cipher suites supported by this factory.
+ *
+ * @return The list of supported cipher suites.
+ */
+ public abstract String[] getSupportedCipherSuites();
+}
--- /dev/null
+/* SSLSession.java -- an SSL session.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.cert.Certificate;
+import javax.security.cert.X509Certificate;
+
+/**
+ * An SSL session is a mechanism through which connections can be established
+ * by re-using previously negotiated handshakes.
+ */
+public interface SSLSession
+{
+
+ /**
+ * Returns this session's cihper suite.
+ *
+ * @return The cipher suite.
+ */
+ String getCipherSuite();
+
+ /**
+ * Returns the time in milliseconds since midnight GMT, 1 January 1970, that
+ * this session was created.
+ *
+ * @return The creation time.
+ */
+ long getCreationTime();
+
+ /**
+ * Returns this session's unique identifier, a arbitrary byte array of up
+ * to 32 bytes.
+ *
+ * @return The session identifier.
+ */
+ byte[] getId();
+
+ /**
+ * Returns the last time this session was accessed.
+ *
+ * @return The lest time this session was accessed.
+ */
+ long getLastAccessedTime();
+
+ /**
+ * Returns the chain of certificates that the local side used in the
+ * handshake, or null if none were used.
+ *
+ * @return The local certificate chain.
+ */
+ Certificate[] getLocalCertificates();
+
+ /**
+ * Returns the chain of certificates that the remote side used in
+ * the handshake, or null if none were used.
+ *
+ * @return The peer's certificate chain.
+ * @throws SSLPeerUnverifiedException If the identity of the peer has
+ * not been verified.
+ */
+ Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException;
+
+ /**
+ * Returns the chain of certificates that the remote side used in
+ * the handshake, or null if none were used.
+ *
+ * @return The peer's certificate chain.
+ * @throws SSLPeerUnverifiedException If the identity of the peer has
+ * not been verified.
+ */
+ X509Certificate[] getPeerCertificateChain()
+ throws SSLPeerUnverifiedException;
+
+ /**
+ * Returns the remote host's name.
+ *
+ * @return The name of the remote host.
+ */
+ String getPeerHost();
+
+ /**
+ * Returns the protocol this session uses.
+ *
+ * @return The protocol.
+ */
+ String getProtocol();
+
+ /**
+ * Returns this session's session context object.
+ *
+ * @return The session context.
+ * @throws SecurityException If the caller does not have the
+ * {@link SSLPermission} "getSessionContext".
+ */
+ SSLSessionContext getSessionContext();
+
+ /**
+ * Returns the names of all values bound to this session.
+ *
+ * @return The list of bound names.
+ */
+ String[] getValueNames();
+
+ /**
+ * Returns the object bound to the given name.
+ *
+ * @param name The name of the value to get.
+ * @return The object bound by that name, or null.
+ */
+ Object getValue(String name);
+
+ /**
+ * Invalidates this session, ensuring that it will not be continued by
+ * another socket.
+ */
+ void invalidate();
+
+ /**
+ * Binds a value to this session, with the given name.
+ *
+ * @param name The name to bind the object with.
+ * @param value The value to bind.
+ */
+ void putValue(String name, Object value);
+
+ /**
+ * Un-binds a value.
+ *
+ * @param name The name of the value to un-bind.
+ */
+ void removeValue(String name);
+}
--- /dev/null
+/* SSLSessionBindingEvent.java -- SSL binding event.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.util.EventObject;
+
+/**
+ * An event raised by {@link SSLSession} objects when objects are bound to
+ * them.
+ */
+public class SSLSessionBindingEvent extends EventObject
+{
+
+ // Fields.
+ // -------------------------------------------------------------------
+
+ private static final long serialVersionUID = 3989172637106345L;
+
+ private final String name;
+
+ // Constructor.
+ // -------------------------------------------------------------------
+
+ /**
+ * Creates a new binding event.
+ *
+ * @param session The session being bound to.
+ * @param name The name the object was bound under.
+ */
+ public SSLSessionBindingEvent(SSLSession session, String name)
+ {
+ super(session);
+ this.name = name;
+ }
+
+ // Instance methods.
+ // --------------------------------------------------------------------
+
+ /**
+ * Returns the name the object was bound under.
+ *
+ * @return The name.
+ */
+ public String getName()
+ {
+ return name;
+ }
+
+ /**
+ * Returns the session that the object was bound to.
+ *
+ * @return The session.
+ */
+ public SSLSession getSession()
+ {
+ return (SSLSession) getSource();
+ }
+}
--- /dev/null
+/* SSLSessionBindingListener.java -- listener for SSL bindings.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.util.EventListener;
+
+/**
+ * An event listener interface that should be notified when it is bound or
+ * unbound to a {@link SSLSession}.
+ */
+public interface SSLSessionBindingListener extends EventListener
+{
+
+ /**
+ * This method is called of all objects when they are bound to an SSL
+ * session.
+ *
+ * @param event The binding event.
+ */
+ void valueBound(SSLSessionBindingEvent event);
+
+ /**
+ * This method is called of all objects when they are unbound to an SSL
+ * session.
+ *
+ * @param event The binding event.
+ */
+ void valueUnbound(SSLSessionBindingEvent event);
+}
--- /dev/null
+/* SSLSessionContext.java -- collection of SSL sessions.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.util.Enumeration;
+
+/**
+ * A collection of saved SSL sessions, with thier corresponding session
+ * IDs.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface SSLSessionContext
+{
+
+ /**
+ * Returns an enumeration of all saved session IDs. Every element in
+ * the returned enumeration is a byte array.
+ *
+ * @return The session IDs.
+ */
+ Enumeration getIds();
+
+ /**
+ * Gets the session specified by its ID, or <code>null</code> if there
+ * is no session, or if it has expired.
+ *
+ * @param sessionId The ID of the session to get.
+ * @return The session, or <code>null</code>.
+ */
+ SSLSession getSession(byte[] sessionId);
+
+ /**
+ * Returns the maximum number of sessions that may be cached by this
+ * session context.
+ *
+ * @return The maximum number of sessions that may be cached.
+ */
+ int getSessionCacheSize();
+
+ /**
+ * Returns the period of time (in seconds) that a session may be cached
+ * for before becoming invalid.
+ *
+ * @return The time a session may be valid.
+ */
+ int getSessionTimeout();
+
+ /**
+ * Sets the maximum number of sessions that may be cached by this
+ * session context. A cache size of 0 means no limit.
+ *
+ * @param size The new cache size.
+ * @throws IllegalArgumentException If <code>size</code> is negative.
+ */
+ void setSessionCacheSize(int size);
+
+ /**
+ * Sets the period of time (in seconds) that a session may be cached
+ * for before becoming invalid. A timeout of 0 means that sessions
+ * never expire.
+ *
+ * @param seconds The new timeout.
+ * @throws IllegalArgumentException If <code>seconds</code> is negative.
+ */
+ void setSessionTimeout(int seconds);
+}
--- /dev/null
+/* SSLSocket.java -- an SSL client socket.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+/**
+ * A socket that communicates over the secure socket layer protocol.
+ */
+public abstract class SSLSocket extends Socket
+{
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ protected SSLSocket()
+ {
+ super();
+ }
+
+ protected SSLSocket(String host, int port)
+ throws IOException, UnknownHostException
+ {
+ super(host, port);
+ }
+
+ protected SSLSocket(InetAddress address, int port) throws IOException
+ {
+ super(address, port);
+ }
+
+ protected SSLSocket(String host, int port,
+ InetAddress localAddr, int localPort)
+ throws IOException, UnknownHostException
+ {
+ super(host, port, localAddr, localPort);
+ }
+
+ protected SSLSocket(InetAddress address, int port,
+ InetAddress localAddr, int localPort)
+ throws IOException
+ {
+ super(address, port, localAddr, localPort);
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Adds a handshake completed listener that wants to be notified when the
+ * SSL handshake completes.
+ *
+ * @param listener The listener to add.
+ */
+ public abstract void
+ addHandshakeCompletedListener(HandshakeCompletedListener listener);
+
+ /**
+ * Removes a handshake listener from this socket.
+ *
+ * @param listener The listener to remove.
+ */
+ public abstract void
+ removeHandshakeCompletedListener(HandshakeCompletedListener listener);
+
+ /**
+ * Returns the list of currently enabled cipher suites.
+ *
+ * @return The list of enabled cipher suites.
+ */
+ public abstract String[] getEnabledCipherSuites();
+
+ /**
+ * Sets the list of enabled cipher suites.
+ *
+ * @param suites The list of suites to enable.
+ */
+ public abstract void setEnabledCipherSuites(String[] suites);
+
+ /**
+ * Returns the list of enabled SSL protocols.
+ *
+ * @return The list of enabled protocols.
+ */
+ public abstract String[] getEnabledProtocols();
+
+ /**
+ * Sets the list of enabled SSL protocols.
+ *
+ * @param protocols The list of protocols to enable.
+ */
+ public abstract void setEnabledProtocols(String[] protocols);
+
+ /**
+ * Returns whether or not sessions will be created by this socket, and thus
+ * allow sessions to be continued later.
+ *
+ * @return Whether or not sessions will be created.
+ */
+ public abstract boolean getEnableSessionCreation();
+
+ /**
+ * Sets whether or not sessions will be created by this socket.
+ *
+ * @param enable The new value.
+ */
+ public abstract void setEnableSessionCreation(boolean enable);
+
+ /**
+ * Returns whether or not this socket will require connecting clients to
+ * authenticate themselves. This value only applies to sockets in server
+ * mode.
+ *
+ * @return Whether or not this socket requires client authentication.
+ */
+ public abstract boolean getNeedClientAuth();
+
+ /**
+ * Sets whether or not this socket will require connecting clients to
+ * authenticate themselves. This value only applies to sockets in server
+ * mode.
+ *
+ * @param needAuth The new need auth value.
+ */
+ public abstract void setNeedClientAuth(boolean needAuth);
+
+ /**
+ * Returns this socket's session object.
+ *
+ * @return The session.
+ */
+ public abstract SSLSession getSession();
+
+ /**
+ * Returns the list of cipher suites supported by this socket.
+ *
+ * @return The list of supported cipher suites.
+ */
+ public abstract String[] getSupportedCipherSuites();
+
+ /**
+ * Returns the list of protocols supported by this socket.
+ *
+ * @return The list of supported protocols.
+ */
+ public abstract String[] getSupportedProtocols();
+
+ /**
+ * Returns whether or not this socket will connect in client mode.
+ *
+ * @return True if this is a client socket.
+ */
+ public abstract boolean getUseClientMode();
+
+ /**
+ * Sets whether or not this socket will connect in client mode.
+ *
+ * @param clientMode The new value.
+ */
+ public abstract void setUseClientMode(boolean clientMode);
+
+ /**
+ * Returns whether or not this socket will request that connecting clients
+ * authenticate themselves. This value only applies to sockets in server
+ * mode.
+ *
+ * @return The want client auth value.
+ */
+ public abstract boolean getWantClientAuth();
+
+ /**
+ * Sets whether or not this socket will request that connecting clients
+ * authenticate themselves. This value only applies to sockets in server
+ * mode.
+ *
+ * @param wantAuth The new want auth value.
+ */
+ public abstract void setWantClientAuth(boolean wantAuth);
+
+ /**
+ * Explicitly begins the handshake, or, if the handshake has already
+ * completed, requests that the handshake be repeated.
+ *
+ * <p>The handshake will begin implicitly when any attempt to read or
+ * write to the socket is made.</p>
+ *
+ * @throws IOException If an I/O or SSL error occurs.
+ */
+ public abstract void startHandshake() throws IOException;
+}
--- /dev/null
+/* SSLSocketFactory.java -- factory for SSL client sockets.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+import java.net.Socket;
+import java.security.AccessController;
+import java.security.KeyStore;
+import java.security.PrivilegedAction;
+import java.security.Security;
+import javax.net.SocketFactory;
+
+/**
+ * A socket factory for creating <i>Secure Socket Layer</i> (<b>SSL</b>)
+ * sockets.
+ */
+public abstract class SSLSocketFactory extends SocketFactory
+{
+
+ // Constants.
+ // -------------------------------------------------------------------------
+
+ private static SSLContext context;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public SSLSocketFactory()
+ {
+ super();
+ }
+
+ // Class methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns a default implementation of a SSL socket factory.
+ *
+ * <p>To control the class that gets returned by this method, set the
+ * security property "ssl.SocketFactory.provider" to the class
+ * name of a concrete implementation of this class. If not set, a
+ * system-dependent implementation will be used.</p>
+ *
+ * <p>The implementation returned is created by the first implementation
+ * of the {@link SSLContext} class found, which is initialized with
+ * default parameters. To control the key and trust manager factory
+ * algorithms used as defaults, set the security properties
+ * "ssl.keyManagerFactory.algorithm" and "ssl.trustManagerFactory.algorithm"
+ * to the appropriate names.</p>
+ *
+ * <p>Using this method is not recommended. Instead, use the methods of
+ * {@link SSLContext}, which provide much better control over the
+ * creation of socket factories.</p>
+ *
+ * @return The default socket factory.
+ * @throws RuntimeException If no default can be created.
+ */
+ public static synchronized SocketFactory getDefault()
+ {
+ try
+ {
+ String s = Security.getProperty("ssl.SocketFactory.provider");
+ ClassLoader cl = ClassLoader.getSystemClassLoader();
+ if (s != null && cl != null)
+ {
+ return (SocketFactory) cl.loadClass(s).newInstance();
+ }
+ }
+ catch (Exception e)
+ {
+ }
+ if (context == null)
+ {
+ KeyManager[] km = null;
+ TrustManager[] tm = null;
+
+ // 1. Determine which algorithms to use for the key and trust
+ // manager factories.
+ String kmAlg = KeyManagerFactory.getDefaultAlgorithm();
+ String tmAlg = TrustManagerFactory.getDefaultAlgorithm();
+
+ // 2. Try to initialize the factories with default parameters.
+ try
+ {
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(kmAlg);
+ kmf.init(null, null);
+ km = kmf.getKeyManagers();
+ }
+ catch (Exception ex)
+ {
+ }
+ try
+ {
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlg);
+ tmf.init((KeyStore) null);
+ tm = tmf.getTrustManagers();
+ }
+ catch (Exception ex)
+ {
+ }
+
+ // 3. Create and initialize a context.
+ try
+ {
+ context = SSLContext.getInstance("SSLv3");
+ context.init(km, tm, null);
+ }
+ catch (Exception ex)
+ {
+ throw new RuntimeException("error instantiating default socket factory: "
+ + ex.toString());
+ }
+ }
+ try
+ {
+ return context.getSocketFactory();
+ }
+ catch (Exception e)
+ {
+ }
+ throw new RuntimeException("no SSLSocketFactory implementation available");
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Creates a SSL socket wrapped around an existing socket.
+ *
+ * @param socket The socket to wrap.
+ * @param host The host the socket is connected to.
+ * @param port The port the socket is connected to.
+ * @param autoClose Whether or not the wrapped socket should be closed
+ * automatically.
+ * @return The new SSL socket.
+ * @throws IOException If the socket could not be created.
+ */
+ public abstract Socket createSocket(Socket socket, String host,
+ int port, boolean autoClose)
+ throws IOException;
+
+ /**
+ * Returns the list of cipher suites that will be enabled in sockets
+ * created by this factory.
+ *
+ * @return The default cipher suites.
+ */
+ public abstract String[] getDefaultCipherSuites();
+
+ /**
+ * Returns the list of all cipher suites supported by this factory.
+ *
+ * @return The list of supported cipher suites.
+ */
+ public abstract String[] getSupportedCipherSuites();
+}
--- /dev/null
+/* TrivialHostnameVerifier.java -- non-verifing verifier.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A hostname verifier that always rejects mismatched hostnames.
+ */
+class TrivialHostnameVerifier implements HostnameVerifier
+{
+
+ public boolean verify(String hostname, SSLSession session)
+ {
+ return false;
+ }
+}
--- /dev/null
+/* TrustManager.java -- marker interface for trust managers.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A marker interface for classes that establish the trust of remote
+ * hosts.
+ */
+public interface TrustManager
+{
+}
--- /dev/null
+/* TrustManagerFactory.java -- factory for trust managers.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.AccessController;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivilegedAction;
+import java.security.Provider;
+import java.security.Security;
+
+import gnu.java.security.Engine;
+
+/**
+ * A factory for creating trust manager objects.
+ */
+public class TrustManagerFactory
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ /** The service name for trust manager factories. */
+ private static final String TRUST_MANAGER_FACTORY = "TrustManagerFactory";
+
+ /** The system default trust manager algorithm. */
+ private static final String DEFAULT_ALGORITHM = "JessieX509";
+
+ /** The underlying engine class. */
+ private final TrustManagerFactorySpi tmfSpi;
+
+ /** The provider of the engine class. */
+ private final Provider provider;
+
+ /** The name of this trust manager algorithm. */
+ private final String algorithm;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Creates a new trust manager factory.
+ *
+ * @param tmfSpi The underlying engine class.
+ * @param provider The provider of the engine class.
+ * @param algorithm The trust manager algorithm name.
+ */
+ protected TrustManagerFactory(TrustManagerFactorySpi tmfSpi,
+ Provider provider, String algorithm)
+ {
+ this.tmfSpi = tmfSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ }
+
+ // Class methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns an instance of a trust manager factory for the given algorithm
+ * from the first provider that implements it.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @return The instance of the trust manager factory.
+ * @throws NoSuchAlgorithmException If no provider implements the given
+ * algorithm.
+ */
+ public static final TrustManagerFactory getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] provs = Security.getProviders();
+ for (int i = 0; i < provs.length; i++)
+ {
+ try
+ {
+ return getInstance(algorithm, provs[i]);
+ }
+ catch (NoSuchAlgorithmException ignore)
+ {
+ }
+ }
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Returns an instance of a trust manager factory for the given algorithm
+ * from the named provider.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @param provider The name of the provider to get the instance from.
+ * @return The instance of the trust manager factory.
+ * @throws NoSuchAlgorithmException If the provider does not implement the
+ * given algorithm.
+ * @throws NoSuchProviderException If there is no such named provider.
+ * @throws IllegalArgumentException If the provider argument is null.
+ */
+ public static final TrustManagerFactory getInstance(String algorithm,
+ String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ {
+ throw new IllegalArgumentException();
+ }
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ {
+ throw new NoSuchProviderException(provider);
+ }
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Returns an instance of a trust manager factory for the given algorithm
+ * from the specified provider.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @param provider The provider to get the instance from.
+ * @return The instance of the trust manager factory.
+ * @throws NoSuchAlgorithmException If the provider does not implement the
+ * given algorithm.
+ * @throws IllegalArgumentException If the provider argument is null.
+ */
+ public static final TrustManagerFactory getInstance(String algorithm,
+ Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ if (provider == null)
+ {
+ throw new IllegalArgumentException();
+ }
+ try
+ {
+ return new TrustManagerFactory((TrustManagerFactorySpi)
+ Engine.getInstance(TRUST_MANAGER_FACTORY, algorithm, provider),
+ provider, algorithm);
+ }
+ catch (InvocationTargetException ite)
+ {
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ catch (ClassCastException cce)
+ {
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ }
+
+ /**
+ * Returns the default algorithm for trust manager factories. The value
+ * returned is either the value of the security property
+ * "ssl.TrustManagerFactory.algorithm" if it is set, or the value "JessieX509"
+ * if not.
+ *
+ * @return The default algorithm name.
+ * @see Security.getProperty(java.lang.String)
+ */
+ public static final String getDefaultAlgorithm()
+ {
+ String alg = null;
+ try
+ {
+ alg = (String) AccessController.doPrivileged(
+ new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return Security.getProperty("ssl.TrustManagerFactory.algorithm");
+ }
+ }
+ );
+ }
+ catch (SecurityException se)
+ {
+ }
+ if (alg == null)
+ alg = DEFAULT_ALGORITHM;
+ return alg;
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns the name of this trust manager algorithm.
+ *
+ * @return The algorithm name.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Returns the provider of the underlying implementation.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Returns the trust managers created by this factory.
+ *
+ * @return The trust managers.
+ */
+ public final TrustManager[] getTrustManagers()
+ {
+ return tmfSpi.engineGetTrustManagers();
+ }
+
+ /**
+ * Initialize this instance with some algorithm-specific parameters.
+ *
+ * @param params The parameters.
+ * @throws InvalidAlgorithmParameterException If the supplied parameters
+ * are inappropriate for this instance.
+ */
+ public final void init(ManagerFactoryParameters params)
+ throws InvalidAlgorithmParameterException
+ {
+ tmfSpi.engineInit(params);
+ }
+
+ /**
+ * Initialize this instance with a key store. The key store may be null,
+ * in which case a default will be used.
+ *
+ * @param store The key store.
+ * @throws KeyStoreException If there is a problem reading from the
+ * key store.
+ */
+ public final void init(KeyStore store) throws KeyStoreException
+ {
+ tmfSpi.engineInit(store);
+ }
+}
--- /dev/null
+/* TrustManagerFactorySpi.java -- SPI for trust manager factories.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+
+/**
+ * The <i>service provider interface</i> (<b>SPI</b>) for trust managers.
+ */
+public abstract class TrustManagerFactorySpi
+{
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public TrustManagerFactorySpi()
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Engine method that returns the trust managers created by this factory.
+ *
+ * @return The trust managers.
+ */
+ protected abstract TrustManager[] engineGetTrustManagers();
+
+ /**
+ * Engine method that initializes this factory with some algorithm-specific
+ * parameters.
+ *
+ * @param params The parameters.
+ * @throws InvalidAlgorithmParameterException If the given parameters are
+ * inappropriate.
+ */
+ protected abstract void engineInit(ManagerFactoryParameters params)
+ throws InvalidAlgorithmParameterException;
+
+ /**
+ * Engine method that initializes this factory with a key store. The key
+ * store parameter may be null, in which case some default should be used.
+ *
+ * @param store The key store.
+ * @throws KeyStoreException If a problem occurs reading from the key store.
+ */
+ protected abstract void engineInit(KeyStore store) throws KeyStoreException;
+}
--- /dev/null
+/* X509KeyManager.java -- X.509 key manager interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.net.Socket;
+
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+/**
+ * A key manager for X.509 certificates and their associated private keys.
+ */
+public interface X509KeyManager extends KeyManager
+{
+
+ /**
+ * Choose an alias for client-side authentication.
+ *
+ * @param keyTypes A list of acceptable key types.
+ * @param issuers A list of acceptable certificate issuers.
+ * @param socket The connecting socket.
+ * @return The chosen alias.
+ */
+ String chooseClientAlias(String[] keyTypes, Principal[] issuers,
+ Socket socket);
+
+ /**
+ * Choose an alias for server-side authentication.
+ *
+ * @param keyType The desired certificate type.
+ * @param issuers A list of acceptable certificate issuers.
+ * @param socket The connecting socket.
+ * @return The chosen alias.
+ */
+ String chooseServerAlias(String keyType, Principal[] issuers,
+ Socket socket);
+
+ /**
+ * Gets the X.509 certificate chain associated with the given alias.
+ *
+ * @param alias The alias.
+ * @return The certificate chain.
+ */
+ X509Certificate[] getCertificateChain(String alias);
+
+ /**
+ * Returns all client aliases that support the given key type.
+ *
+ * @param keyType The desired key type.
+ * @param issuers A list of acceptable certificate issuers.
+ * @return The (possibly empty) list of aliases.
+ */
+ String[] getClientAliases(String keyType, Principal[] issuers);
+
+ /**
+ * Gets the private key associated with the given alias.
+ *
+ * @param alias The alias.
+ * @return The private key.
+ */
+ PrivateKey getPrivateKey(String alias);
+
+ /**
+ * Returns all server aliases that support the given key type.
+ *
+ * @param keyType The desired key type.
+ * @param issuers A list of acceptable certificate issuers.
+ * @return The (possibly empty) list of aliases.
+ */
+ String[] getServerAliases(String keyType, Principal[] issuers);
+}
--- /dev/null
+/* X509TrustManager.java -- X.509 trust manager interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+/**
+ * A trust manager for dealing with X.509 certificates.
+ */
+public interface X509TrustManager extends TrustManager
+{
+
+ /**
+ * Checks if a certificate chain sent by the client is trusted.
+ *
+ * @param chain The certificate chain to check.
+ * @param authType The authentication type.
+ * @throws CertificateException If the client's certificates are not trusted.
+ */
+ void checkClientTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException;
+
+ /**
+ * Checks if a certificate chain sent by the server is trusted.
+ *
+ * @param chain The certificate chain to check.
+ * @param authType The authentication type.
+ * @throws CertificateException If the server's certificates are not trusted.
+ */
+ void checkServerTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException;
+
+ /**
+ * Returns the list of trusted issuer certificates currently in use.
+ *
+ * @return The list of trusted issuer certificates.
+ */
+ X509Certificate[] getAcceptedIssuers();
+}
--- /dev/null
+/* AuthPermission.java -- permissions related to authentication.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+import java.security.BasicPermission;
+
+/**
+ * <p>A permission controlling access to authentication service. The
+ * <i>actions</i> field of auth permission objects is ignored; the whole
+ * of the permission is defined by the <i>target</i>.</p>
+ *
+ * <p>The authentication permission targets recognized are:</p>
+ *
+ * <dl>
+ * <dt><code>doAs</code></dt>
+ *
+ * <dd><p>Allows access to the {@link
+ * Subject#doAs(javax.security.auth.Subject java.security.PrivilegedAction)}
+ * methods.</p></dd>
+ *
+ * <dt><code>doAsPrivileged</code></dt>
+ *
+ * <dd><p>Allows access to the {@link
+ * Subject#doAsPrivileged(javax.security.auth.Subject,
+ * java.security.PrivilegedAction, java.security.AccessControlContext)}
+ * methods.</p></dd>
+ *
+ * <dt><code>getSubject</code></dt>
+ *
+ * <dd><p>Allows access to the {@link Subject} associated with a
+ * thread.</p></dd>
+ *
+ * <dt><code>getSubjectFromDomainCombiner</code></dt>
+ *
+ * <dd><p>Allows access to the {@link Subject} associated with a
+ * {@link SubjectDomainCombiner}.</p></dd>
+ *
+ * <dt><code>setReadOnly</code></dt>
+ *
+ * <dd><p>Allows a {@link Subject} to be marked as read-only.</p></dd>
+ *
+ * <dt><code>modifyPrincipals</code></dt>
+ *
+ * <dd><p>Allows the set of principals of a subject to be modified.</p></dd>
+ *
+ * <dt><code>modifyPublicCredentials</code></dt>
+ *
+ * <dd><p>Allows the set of public credentials of a subject to be
+ * modified.</p></dd>
+ *
+ * <dt><code>modifyPrivateCredentials</code></dt>
+ *
+ * <dd><p>Allows the set of private credentials of a subject to be
+ * modified.</p></dd>
+ *
+ * <dt><code>refreshCredential</code></dt>
+ *
+ * <dd><p>Allows a {@link Refreshable} credential to be refreshed.</p></dd>
+ *
+ * <dt><code>destroyCredential</code></dt>
+ *
+ * <dd><p>Allows a {@link Destroyable} credential to be destroyed.</p></dd>
+ *
+ * <dt><code>createLoginContext.<i>name</i></code></dt>
+ *
+ * <dd><p>Allows a {@link javax.security.auth.login.LoginContext} for the
+ * given <i>name</i>. <i>name</i> can also be a wildcard (<code>'*'</code>),
+ * which allows the creation of a context with any name.</p></dd>
+ *
+ * <dt><code>getLoginConfiguration</code></dt>
+ *
+ * <dd><p>Allows the system-wide login {@link
+ * javax.security.auth.login.Configuration} to be retrieved.</p></dd>
+ *
+ * <dt><code>setLoginConfiguration</code></dt>
+ *
+ * <dd><p>Allows the system-wide login {@link
+ * javax.security.auth.login.Configuration} to be set.</p></dd>
+ *
+ * <dt><code>refreshLoginConfiguration</code></dt>
+ *
+ * <dd><p>Allows the system-wide login {@link
+ * javax.security.auth.login.Configuration} to be refreshed.</p></dd>
+ * </dl>
+ */
+public final class AuthPermission extends BasicPermission
+{
+
+ /**
+ * Creates a new authentication permission for the given target name.
+ *
+ * @param name The target name.
+ */
+ public AuthPermission (String name)
+ {
+ super (name);
+ }
+
+ /**
+ * Creates a new authentication permission for the given target name.
+ * The actions list is not used by this class.
+ *
+ * @param name The target name.
+ * @param actions The action list.
+ */
+ public AuthPermission (String name, String actions)
+ {
+ super (name, actions);
+ }
+}
--- /dev/null
+/* DestroyFailedException.java -- signals an object could not be destroyed.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+/**
+ * An exception thrown when the {@link Destroyable#destroy()} method
+ * fails for a credential.
+ *
+ * @see Destroyable
+ */
+public class DestroyFailedException extends Exception
+{
+
+ /**
+ * Creates a new DestroyFailedException with no detail message.
+ */
+ public DestroyFailedException()
+ {
+ super();
+ }
+
+ /**
+ * Creates a new DestroyFailedException with a detail message.
+ *
+ * @param message The detail message.
+ */
+ public DestroyFailedException (String message)
+ {
+ super (message);
+ }
+}
--- /dev/null
+/* Destroyable.java -- an immutable object that may be destroyed.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+/**
+ * An interface for objects that are immutable but whose sensitive
+ * data may be wiped out.
+ */
+public interface Destroyable
+{
+
+ /**
+ * Destroy this object, clearing all sensitive fields appropriately.
+ *
+ * @throws DestroyFailedException If this object could not be
+ * destroyed.
+ * @throws SecurityException If the caller does not have permission
+ * to destroy this object.
+ */
+ void destroy() throws DestroyFailedException;
+
+ /**
+ * Tells whether or not this object has been destroyed.
+ *
+ * @return True if this object has been destroyed.
+ */
+ boolean isDestroyed();
+}
--- /dev/null
+/* Policy.java -- deprecated precursor to java.security.Policy.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+import java.security.CodeSource;
+import java.security.PermissionCollection;
+
+/**
+ * @deprecated The classes java.security.Policy and
+ * java.security.ProtectionDomain provide the functionality of this class.
+ */
+public abstract class Policy
+{
+
+ private static Policy policy;
+
+ protected Policy()
+ {
+ }
+
+ public static synchronized Policy getPolicy()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("getPolicy"));
+ }
+ return policy;
+ }
+
+ public static synchronized void setPolicy (Policy p)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("setPolicy"));
+ }
+ policy = p;
+ }
+
+ public abstract PermissionCollection getPermissions (Subject subject, CodeSource source);
+ public abstract void refresh();
+}
--- /dev/null
+/* PrivateCredentialPermission.java -- permissions governing private credentials.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+import java.io.Serializable;
+
+import java.security.Permission;
+import java.security.PermissionCollection;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+import java.util.StringTokenizer;
+
+/**
+ * A permission governing access to a private credential. The action of this
+ * permission is always "read" -- meaning that the private credential
+ * information can be read from an object.
+ *
+ * <p>The target of this permission is formatted as follows:</p>
+ *
+ * <p><code>CredentialClassName ( PrinicpalClassName PrincipalName )*</code></p>
+ *
+ * <p><i>CredentialClassName</i> is either the name of a private credential
+ * class name, or a wildcard character (<code>'*'</code>).
+ * <i>PrinicpalClassName</i> is the class name of a principal object, and
+ * <i>PrincipalName</i> is a string representing the principal, or the
+ * wildcard character.</p>
+ */
+public class PrivateCredentialPermission extends Permission
+ implements Serializable
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ /**
+ * @serial The credential class name.
+ */
+ private final String credentialClass;
+
+ /**
+ * @serial The principals, a set of CredOwner objects (an undocumented
+ * inner class of this class).
+ */
+ private final Set principals;
+
+ /**
+ * @serial Who knows?
+ */
+ private final boolean testing;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Create a new private credential permission.
+ *
+ * @param name The permission target name.
+ * @param actions The list of actions, which, for this class, must be
+ * <code>"read"</code>.
+ */
+ public PrivateCredentialPermission (final String name, String actions)
+ {
+ super(name);
+ actions = actions.trim().toLowerCase();
+ if (!"read".equals (actions))
+ {
+ throw new IllegalArgumentException("actions must be \"read\"");
+ }
+ StringTokenizer st = new StringTokenizer (name, " \"'");
+ principals = new HashSet();
+ if (st.countTokens() < 3 || (st.countTokens() & 1) == 0)
+ {
+ throw new IllegalArgumentException ("badly formed credential name");
+ }
+ credentialClass = st.nextToken();
+ while (st.hasMoreTokens())
+ {
+ principals.add (new CredOwner (st.nextToken(), st.nextToken()));
+ }
+ testing = false; // WTF ever.
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public boolean equals (Object o)
+ {
+ if (! (o instanceof PrivateCredentialPermission))
+ {
+ return false;
+ }
+ PrivateCredentialPermission that = (PrivateCredentialPermission) o;
+ if (!that.getActions().equals (getActions()))
+ {
+ return false;
+ }
+ if (!that.getCredentialClass().equals (getCredentialClass()))
+ {
+ return false;
+ }
+
+ final String[][] principals = getPrincipals();
+ final String[][] that_principals = that.getPrincipals();
+ if (that_principals == null)
+ {
+ return false;
+ }
+ if (that_principals.length != principals.length)
+ {
+ return false;
+ }
+ for (int i = 0; i < principals.length; i++)
+ {
+ if (!principals[i][0].equals (that_principals[i][0]) ||
+ !principals[i][1].equals (that_principals[i][1]))
+ {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ /**
+ * Returns the actions this permission encompasses. For private credential
+ * permissions, this is always the string <code>"read"</code>.
+ *
+ * @return The list of actions.
+ */
+ public String getActions()
+ {
+ return "read";
+ }
+
+ /**
+ * Returns the credential class name that was embedded in this permission's
+ * target name.
+ *
+ * @return The credential class name.
+ */
+ public String getCredentialClass()
+ {
+ return credentialClass;
+ }
+
+ /**
+ * Returns the principal list that was embedded in this permission's target
+ * name.
+ *
+ * <p>Each element of the returned array is a pair; the first element is the
+ * principal class name, and the second is the principal name.
+ *
+ * @return The principal list.
+ */
+ public String[][] getPrincipals()
+ {
+ String[][] ret = new String[principals.size()][];
+ Iterator it = principals.iterator();
+ for (int i = 0; i < principals.size() && it.hasNext(); i++)
+ {
+ CredOwner co = (CredOwner) it.next();
+ ret[i] = new String[] { co.getPrincipalClass(), co.getPrincipalName() };
+ }
+ return ret;
+ }
+
+ public int hashCode()
+ {
+ return credentialClass.hashCode() + principals.hashCode();
+ }
+
+ /**
+ * Test if this permission implies another. This method returns true if:
+ *
+ * <ol>
+ * <li><i>p</i> is an instance of PrivateCredentialPermission</li>.
+ * <li>The credential class name of this instance matches that of <i>p</i>,
+ * and one of the principals of <i>p</i> is contained in the principals of
+ * this class. Thus,
+ * <ul>
+ * <li><code>[ * P "foo" ] implies [ C P "foo" ]</code></li>
+ * <li><code>[ C P1 "foo" ] implies [ C P1 "foo" P2 "bar" ]</code></li>
+ * <li><code>[ C P1 "*" ] implies [ C P1 "foo" ]</code></li>
+ * </ul>
+ * </ol>
+ *
+ * @param p The permission to check.
+ * @return True if this permission implies <i>p</i>.
+ */
+ public boolean implies (Permission p)
+ {
+ if (! (p instanceof PrivateCredentialPermission))
+ {
+ return false;
+ }
+ PrivateCredentialPermission that = (PrivateCredentialPermission) p;
+ if (!credentialClass.equals ("*")
+ && !credentialClass.equals (that.getCredentialClass()))
+ {
+ return false;
+ }
+ String[][] principals = getPrincipals();
+ String[][] that_principals = that.getPrincipals();
+ if (that_principals == null)
+ {
+ return false;
+ }
+ for (int i = 0; i < principals.length; i++)
+ {
+ for (int j = 0; j < that_principals.length; j++)
+ {
+ if (principals[i][0].equals (that_principals[j][0]) &&
+ (principals[i][1].equals ("*") ||
+ principals[i][1].equals (that_principals[j][1])))
+ {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
+ /**
+ * This method is not necessary for this class, thus it always returns null.
+ *
+ * @return null.
+ */
+ public PermissionCollection newPermissionCollection()
+ {
+ return null;
+ }
+
+ // Inner class.
+ // -------------------------------------------------------------------------
+
+ /**
+ * An undocumented inner class present for serialization compatibility.
+ */
+ private static class CredOwner implements Serializable
+ {
+
+ // Fields.
+ // -----------------------------------------------------------------------
+
+ private final String principalClass;
+ private final String principalName;
+
+ // Constructor.
+ // -----------------------------------------------------------------------
+
+ CredOwner (final String principalClass, final String principalName)
+ {
+ this.principalClass = principalClass;
+ this.principalName = principalName;
+ }
+
+ // Instance methods.
+ // -----------------------------------------------------------------------
+
+ public boolean equals (Object o)
+ {
+ if (!(o instanceof CredOwner))
+ {
+ return false;
+ }
+ return principalClass.equals (((CredOwner) o).getPrincipalClass()) &&
+ principalName.equals (((CredOwner) o).getPrincipalName());
+ }
+
+ public int hashCode()
+ {
+ return principalClass.hashCode() + principalName.hashCode();
+ }
+
+ public String getPrincipalClass()
+ {
+ return principalClass;
+ }
+
+ public String getPrincipalName()
+ {
+ return principalName;
+ }
+ }
+}
--- /dev/null
+/* RefreshFailedException.java -- signals a failed refresh.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+/**
+ * A signal that a call to {@link Refreshable#refresh()} failed.
+ */
+public class RefreshFailedException extends Exception
+{
+
+ /**
+ * Create a new RefreshFailedException with no detail message.
+ */
+ public RefreshFailedException()
+ {
+ }
+
+ /**
+ * Create a new RefreshFailedException with a detail message.
+ *
+ * @param message The detail message.
+ */
+ public RefreshFailedException (String message)
+ {
+ super (message);
+ }
+}
--- /dev/null
+/* Refreshable.java -- an object whose state may be refreshed.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+/**
+ * An object whose internal state may be <em>refreshed:</em> as in a
+ * credential object with a expiry date.
+ */
+public interface Refreshable
+{
+
+ /**
+ * Tells whether or not this object is current. Refreshable objects that
+ * are not current may need to be refreshed.
+ *
+ * @return Whether this object is current.
+ */
+ boolean isCurrent();
+
+ /**
+ * Refresh this object. The process involved in refreshing an object is
+ * per-implementation dependent.
+ *
+ * @throws RefreshFailedException If refreshing this object fails.
+ * @throws SecurityException If the caller does not have permission to
+ * refresh, or to take the steps involved in refreshing, this object.
+ */
+ void refresh() throws RefreshFailedException;
+}
--- /dev/null
+/* Subject.java -- a single entity in the system.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.DomainCombiner;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+import java.util.AbstractSet;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.Set;
+
+/**
+ *
+ */
+public final class Subject implements Serializable
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private static final long serialVersionUID = -8308522755600156056L;
+
+ /**
+ * @serial The set of principals. The type of this field is SecureSet, a
+ * private inner class.
+ */
+ private final Set principals;
+
+ /**
+ * @serial The read-only flag.
+ */
+ private boolean readOnly;
+
+ private transient final SecureSet pubCred;
+ private transient final SecureSet privCred;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ public Subject()
+ {
+ principals = new SecureSet (this, SecureSet.PRINCIPALS);
+ pubCred = new SecureSet (this, SecureSet.PUBLIC_CREDENTIALS);
+ privCred = new SecureSet (this, SecureSet.PRIVATE_CREDENTIALS);
+ readOnly = false;
+ }
+
+ public Subject (final boolean readOnly, final Set principals,
+ final Set pubCred, final Set privCred)
+ {
+ if (principals == null || pubCred == null || privCred == null)
+ {
+ throw new NullPointerException();
+ }
+ this.principals = new SecureSet (this, SecureSet.PRINCIPALS, principals);
+ this.pubCred = new SecureSet (this, SecureSet.PUBLIC_CREDENTIALS, pubCred);
+ this.privCred = new SecureSet (this, SecureSet.PRIVATE_CREDENTIALS, privCred);
+ this.readOnly = readOnly;
+ }
+
+ // Class methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Returns the subject associated with the given {@link
+ * AccessControlContext}.</p>
+ *
+ * <p>All this method does is retrieve the Subject object from the supplied
+ * context's {@link DomainCombiner}, if any, and if it is an instance of
+ * a {@link SubjectDomainCombiner}.
+ *
+ * @param context The context to retrieve the subject from.
+ * @return The subject assoctiated with the context, or <code>null</code>
+ * if there is none.
+ * @throws NullPointerException If <i>subject</i> is null.
+ * @throws SecurityException If the caller does not have permission to get
+ * the subject (<code>"getSubject"</code> target of {@link AuthPermission}.
+ */
+ public static Subject getSubject (final AccessControlContext context)
+ {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("getSubject"));
+ }
+ DomainCombiner dc = context.getDomainCombiner();
+ if (!(dc instanceof SubjectDomainCombiner))
+ {
+ return null;
+ }
+ return ((SubjectDomainCombiner) dc).getSubject();
+ }
+
+ /**
+ * <p>Run a method as another subject. This method will obtain the current
+ * {@link AccessControlContext} for this thread, then creates another with
+ * a {@link SubjectDomainCombiner} with the given subject. The supplied
+ * action will then be run with the modified context.</p>
+ *
+ * @param subject The subject to run as.
+ * @param action The action to run.
+ * @return The value returned by the privileged action.
+ * @throws SecurityException If the caller is not allowed to run under a
+ * different identity (<code>"doAs"</code> target of {@link AuthPermission}.
+ */
+ public static Object doAs (final Subject subject, final PrivilegedAction action)
+ {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("doAs"));
+ }
+ AccessControlContext context =
+ new AccessControlContext (AccessController.getContext(),
+ new SubjectDomainCombiner (subject));
+ return AccessController.doPrivileged (action, context);
+ }
+
+ /**
+ * <p>Run a method as another subject. This method will obtain the current
+ * {@link AccessControlContext} for this thread, then creates another with
+ * a {@link SubjectDomainCombiner} with the given subject. The supplied
+ * action will then be run with the modified context.</p>
+ *
+ * @param subject The subject to run as.
+ * @param action The action to run.
+ * @return The value returned by the privileged action.
+ * @throws SecurityException If the caller is not allowed to run under a
+ * different identity (<code>"doAs"</code> target of {@link AuthPermission}.
+ * @throws PrivilegedActionException If the action throws an exception.
+ */
+ public static Object doAs (final Subject subject,
+ final PrivilegedExceptionAction action)
+ throws PrivilegedActionException
+ {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("doAs"));
+ }
+ AccessControlContext context =
+ new AccessControlContext (AccessController.getContext(),
+ new SubjectDomainCombiner(subject));
+ return AccessController.doPrivileged (action, context);
+ }
+
+ /**
+ * <p>Run a method as another subject. This method will create a new
+ * {@link AccessControlContext} derived from the given one, with a
+ * {@link SubjectDomainCombiner} with the given subject. The supplied
+ * action will then be run with the modified context.</p>
+ *
+ * @param subject The subject to run as.
+ * @param action The action to run.
+ * @param acc The context to use.
+ * @return The value returned by the privileged action.
+ * @throws SecurityException If the caller is not allowed to run under a
+ * different identity (<code>"doAsPrivileged"</code> target of {@link
+ * AuthPermission}.
+ */
+ public static Object doAsPrivileged (final Subject subject,
+ final PrivilegedAction action,
+ final AccessControlContext acc)
+ {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("doAsPrivileged"));
+ }
+ AccessControlContext context =
+ new AccessControlContext (acc, new SubjectDomainCombiner (subject));
+ return AccessController.doPrivileged (action, context);
+ }
+
+ /**
+ * <p>Run a method as another subject. This method will create a new
+ * {@link AccessControlContext} derived from the given one, with a
+ * {@link SubjectDomainCombiner} with the given subject. The supplied
+ * action will then be run with the modified context.</p>
+ *
+ * @param subject The subject to run as.
+ * @param action The action to run.
+ * @param acc The context to use.
+ * @return The value returned by the privileged action.
+ * @throws SecurityException If the caller is not allowed to run under a
+ * different identity (<code>"doAsPrivileged"</code> target of
+ * {@link AuthPermission}.
+ * @throws PrivilegedActionException If the action throws an exception.
+ */
+ public static Object doAsPrivileged (final Subject subject,
+ final PrivilegedExceptionAction action,
+ final AccessControlContext acc)
+ throws PrivilegedActionException
+ {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("doAsPrivileged"));
+ }
+ AccessControlContext context =
+ new AccessControlContext (acc, new SubjectDomainCombiner (subject));
+ return AccessController.doPrivileged (action, context);
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public boolean equals (Object o)
+ {
+ if (!(o instanceof Subject))
+ {
+ return false;
+ }
+ Subject that = (Subject) o;
+ return principals.containsAll (that.getPrincipals()) &&
+ pubCred.containsAll (that.getPublicCredentials()) &&
+ privCred.containsAll (that.getPrivateCredentials());
+ }
+
+ public Set getPrincipals()
+ {
+ return principals;
+ }
+
+ public Set getPrincipals(Class clazz)
+ {
+ HashSet result = new HashSet (principals.size());
+ for (Iterator it = principals.iterator(); it.hasNext(); )
+ {
+ Object o = it.next();
+ if (o != null && clazz.isAssignableFrom (o.getClass()))
+ {
+ result.add(o);
+ }
+ }
+ return Collections.unmodifiableSet (result);
+ }
+
+ public Set getPrivateCredentials()
+ {
+ return privCred;
+ }
+
+ public Set getPrivateCredentials (Class clazz)
+ {
+ HashSet result = new HashSet (privCred.size());
+ for (Iterator it = privCred.iterator(); it.hasNext(); )
+ {
+ Object o = it.next();
+ if (o != null && clazz.isAssignableFrom (o.getClass()))
+ {
+ result.add(o);
+ }
+ }
+ return Collections.unmodifiableSet (result);
+ }
+
+ public Set getPublicCredentials()
+ {
+ return pubCred;
+ }
+
+ public Set getPublicCredentials (Class clazz)
+ {
+ HashSet result = new HashSet (pubCred.size());
+ for (Iterator it = pubCred.iterator(); it.hasNext(); )
+ {
+ Object o = it.next();
+ if (o != null && clazz.isAssignableFrom (o.getClass()))
+ {
+ result.add(o);
+ }
+ }
+ return Collections.unmodifiableSet (result);
+ }
+
+ public int hashCode()
+ {
+ return principals.hashCode() + privCred.hashCode() + pubCred.hashCode();
+ }
+
+ /**
+ * <p>Returns whether or not this subject is read-only.</p>
+ *
+ * @return True is this subject is read-only.
+ */
+ public boolean isReadOnly()
+ {
+ return readOnly;
+ }
+
+ /**
+ * <p>Marks this subject as read-only.</p>
+ *
+ * @throws SecurityException If the caller does not have permission to
+ * set this subject as read-only (<code>"setReadOnly"</code> target of
+ * {@link AuthPermission}.
+ */
+ public void setReadOnly()
+ {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("setReadOnly"));
+ }
+ readOnly = true;
+ }
+
+ public String toString()
+ {
+ return Subject.class.getName() + " [ principals=" + principals +
+ ", private credentials=" + privCred + ", public credentials=" +
+ pubCred + ", read-only=" + readOnly + " ]";
+ }
+
+\f// Inner class.
+ // -------------------------------------------------------------------------
+
+ /**
+ * An undocumented inner class that is used for sets in the parent class.
+ */
+ private static class SecureSet extends AbstractSet implements Serializable
+ {
+
+ // Fields.
+ // -----------------------------------------------------------------------
+
+ private static final long serialVersionUID = 7911754171111800359L;
+
+ static final int PRINCIPALS = 0;
+ static final int PUBLIC_CREDENTIALS = 1;
+ static final int PRIVATE_CREDENTIALS = 2;
+
+ private final Subject subject;
+ private final LinkedList elements;
+ private transient final int type;
+
+ // Constructors.
+ // -----------------------------------------------------------------------
+
+ SecureSet (final Subject subject, final int type, final Collection elements)
+ {
+ this (subject, type);
+ for (Iterator it = elements.iterator(); it.hasNext(); )
+ {
+ Object o = it.next();
+ if (type == PRINCIPALS && !(o instanceof Principal))
+ {
+ throw new IllegalArgumentException(o+" is not a Principal");
+ }
+ if (!elements.contains (o))
+ {
+ elements.add (o);
+ }
+ }
+ }
+
+ SecureSet (final Subject subject, final int type)
+ {
+ this.subject = subject;
+ this.type = type;
+ this.elements = new LinkedList();
+ }
+
+ // Instance methods.
+ // -----------------------------------------------------------------------
+
+ public synchronized int size()
+ {
+ return elements.size();
+ }
+
+ public Iterator iterator()
+ {
+ return elements.iterator();
+ }
+
+ public synchronized boolean add(Object element)
+ {
+ if (subject.isReadOnly())
+ {
+ throw new IllegalStateException ("subject is read-only");
+ }
+ final SecurityManager sm = System.getSecurityManager();
+ switch (type)
+ {
+ case PRINCIPALS:
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("modifyPrincipals"));
+ }
+ if (!(element instanceof Principal))
+ {
+ throw new IllegalArgumentException ("element is not a Principal");
+ }
+ break;
+
+ case PUBLIC_CREDENTIALS:
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("modifyPublicCredentials"));
+ }
+ break;
+
+ case PRIVATE_CREDENTIALS:
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("modifyPrivateCredentials"));
+ }
+ break;
+
+ default:
+ throw new Error ("this statement should be unreachable");
+ }
+
+ if (elements.contains (element))
+ {
+ return false;
+ }
+
+ return elements.add (element);
+ }
+
+ public synchronized boolean remove (final Object element)
+ {
+ if (subject.isReadOnly())
+ {
+ throw new IllegalStateException ("subject is read-only");
+ }
+ final SecurityManager sm = System.getSecurityManager();
+ switch (type)
+ {
+ case PRINCIPALS:
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("modifyPrincipals"));
+ }
+ if (!(element instanceof Principal))
+ {
+ throw new IllegalArgumentException ("element is not a Principal");
+ }
+ break;
+
+ case PUBLIC_CREDENTIALS:
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("modifyPublicCredentials"));
+ }
+ break;
+
+ case PRIVATE_CREDENTIALS:
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("modifyPrivateCredentials"));
+ }
+ break;
+
+ default:
+ throw new Error("this statement should be unreachable");
+ }
+
+ return elements.remove(element);
+ }
+
+ public synchronized boolean contains (final Object element)
+ {
+ return elements.remove (element);
+ }
+
+ public boolean removeAll (final Collection c)
+ {
+ if (subject.isReadOnly())
+ {
+ throw new IllegalStateException ("subject is read-only");
+ }
+ return super.removeAll (c);
+ }
+
+ public boolean retainAll (final Collection c)
+ {
+ if (subject.isReadOnly())
+ {
+ throw new IllegalStateException ("subject is read-only");
+ }
+ return super.retainAll (c);
+ }
+
+ public void clear()
+ {
+ if (subject.isReadOnly())
+ {
+ throw new IllegalStateException ("subject is read-only");
+ }
+ elements.clear();
+ }
+
+ private synchronized void writeObject (ObjectOutputStream out)
+ throws IOException
+ {
+ throw new UnsupportedOperationException ("FIXME: determine serialization");
+ }
+
+ private void readObject (ObjectInputStream in)
+ throws ClassNotFoundException, IOException
+ {
+ throw new UnsupportedOperationException ("FIXME: determine serialization");
+ }
+ }
+}
--- /dev/null
+/* SubjectDomainCombiner.java -- domain combiner for Subjects.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+import java.security.DomainCombiner;
+import java.security.Principal;
+import java.security.ProtectionDomain;
+
+import java.util.LinkedList;
+
+public class SubjectDomainCombiner implements DomainCombiner
+{
+
+ // Field.
+ // -------------------------------------------------------------------------
+
+ private final Subject subject;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public SubjectDomainCombiner (final Subject subject)
+ {
+ this.subject = subject;
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public ProtectionDomain[] combine (final ProtectionDomain[] current,
+ final ProtectionDomain[] assigned)
+ {
+ LinkedList domains = new LinkedList();
+ Principal[] principals =
+ (Principal[]) subject.getPrincipals().toArray (new Principal[0]);
+ if (current != null)
+ {
+ for (int i = 0; i < current.length; i++)
+ {
+ domains.add (new ProtectionDomain (current[i].getCodeSource(),
+ current[i].getPermissions(),
+ current[i].getClassLoader(),
+ principals));
+ }
+ }
+ if (assigned != null)
+ {
+ for (int i = 0; i < assigned.length; i++)
+ {
+ domains.add (assigned[i]);
+ }
+ }
+ return (ProtectionDomain[]) domains.toArray (new ProtectionDomain[domains.size()]);
+ }
+
+ public Subject getSubject()
+ {
+ return subject;
+ }
+}
--- /dev/null
+/* Callback.java -- marker interface for callback classes
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+/**
+ * <p>Implementations of this interface are passed to a {@link CallbackHandler},
+ * allowing underlying security services the ability to interact with a calling
+ * application to retrieve specific authentication data such as usernames and
+ * passwords, or to display certain information, such as error and warning
+ * messages.</p>
+ *
+ * <p><code>Callback</code> implementations do not retrieve or display the
+ * information requested by underlying security services. <code>Callback</code>
+ * implementations simply provide the means to pass such requests to
+ * applications, and for applications, if appropriate, to return requested
+ * information back to the underlying security services.</p>
+ *
+ * @see CallbackHandler
+ * @see ChoiceCallback
+ * @see ConfirmationCallback
+ * @see LanguageCallback
+ * @see NameCallback
+ * @see PasswordCallback
+ * @see TextInputCallback
+ * @see TextOutputCallback
+ * @version $Revision: 1.1 $
+ */
+public interface Callback {
+}
--- /dev/null
+/* CallbackHandler.java -- base interface for callback handlers.
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.IOException;
+
+/**
+ * <p>An application implements a <code>CallbackHandler</code> and passes it to
+ * underlying security services so that they may interact with the application
+ * to retrieve specific authentication data, such as usernames and passwords, or
+ * to display certain information, such as error and warning messages.</p>
+ *
+ * <p><code>CallbackHandler</code>s are implemented in an application-dependent
+ * fashion. For example, implementations for an application with a graphical
+ * user interface (GUI) may pop up windows to prompt for requested information
+ * or to display error messages. An implementation may also choose to obtain
+ * requested information from an alternate source without asking the end user.</p>
+ *
+ * <p>Underlying security services make requests for different types of
+ * information by passing individual Callbacks to the <code>CallbackHandler</code>.
+ * The <code>CallbackHandler</code> implementation decides how to retrieve and
+ * display information depending on the {@link Callback}s passed to it. For
+ * example, if the underlying service needs a username and password to
+ * authenticate a user, it uses a {@link NameCallback} and
+ * {@link PasswordCallback}. The <code>CallbackHandler</code> can then choose
+ * to prompt for a username and password serially, or to prompt for both in a
+ * single window.</p>
+ *
+ * <p>A default <code>CallbackHandler</code> class implementation may be
+ * specified in the <code>auth.login.defaultCallbackHandler</code> security
+ * property. The security property can be set in the Java security properties
+ * file located in the file named
+ * <code><JAVA_HOME>/lib/security/java.security</code>, where
+ * <code><JAVA_HOME></code> refers to the directory where the SDK was
+ * installed.</p>
+ *
+ * <p>If the security property is set to the fully qualified name of a
+ * <code>CallbackHandler</code> implementation class, then a
+ * <code>LoginContext</code>will load the specified <code>CallbackHandler</code>
+ * and pass it to the underlying <code>LoginModules</code>. The
+ * <code>LoginContext</code> only loads the default handler if one was not
+ * provided.</p>
+ *
+ * <p>All default handler implementations must provide a public zero-argument
+ * constructor.</p>
+ *
+ * @version $Revision: 1.1 $
+ */
+public interface CallbackHandler
+{
+
+ /**
+ * <p>Retrieve or display the information requested in the provided
+ * {@link Callback}s.</p>
+ *
+ * <p>The <code>handle()</code> method implementation checks the instance(s)
+ * of the {@link Callback} object(s) passed in to retrieve or display the
+ * requested information. The following example is provided to help
+ * demonstrate what an <code>handle()</code> method implementation might look
+ * like. This example code is for guidance only. Many details, including
+ * proper error handling, are left out for simplicity.</p>
+ *
+ * <pre>
+ *public void handle(Callback[] callbacks)
+ *throws IOException, UnsupportedCallbackException {
+ * for (int i = 0; i < callbacks.length; i++) {
+ * if (callbacks[i] instanceof TextOutputCallback) {
+ * // display the message according to the specified type
+ * TextOutputCallback toc = (TextOutputCallback)callbacks[i];
+ * switch (toc.getMessageType()) {
+ * case TextOutputCallback.INFORMATION:
+ * System.out.println(toc.getMessage());
+ * break;
+ * case TextOutputCallback.ERROR:
+ * System.out.println("ERROR: " + toc.getMessage());
+ * break;
+ * case TextOutputCallback.WARNING:
+ * System.out.println("WARNING: " + toc.getMessage());
+ * break;
+ * default:
+ * throw new IOException("Unsupported message type: "
+ * + toc.getMessageType());
+ * }
+ * } else if (callbacks[i] instanceof NameCallback) {
+ * // prompt the user for a username
+ * NameCallback nc = (NameCallback)callbacks[i];
+ * // ignore the provided defaultName
+ * System.err.print(nc.getPrompt());
+ * System.err.flush();
+ * nc.setName((new BufferedReader(
+ * new InputStreamReader(System.in))).readLine());
+ * } else if (callbacks[i] instanceof PasswordCallback) {
+ * // prompt the user for sensitive information
+ * PasswordCallback pc = (PasswordCallback)callbacks[i];
+ * System.err.print(pc.getPrompt());
+ * System.err.flush();
+ * pc.setPassword(readPassword(System.in));
+ * } else {
+ * throw new UnsupportedCallbackException(
+ * callbacks[i], "Unrecognized Callback");
+ * }
+ * }
+ *}
+ *
+ * // Reads user password from given input stream.
+ *private char[] readPassword(InputStream in) throws IOException {
+ * // insert code to read a user password from the input stream
+ *}
+ * </pre>
+ *
+ * @param callbacks an array of {@link Callback} objects provided by an
+ * underlying security service which contains the information requested to
+ * be retrieved or displayed.
+ * @throws IOException if an input or output error occurs.
+ * @throws UnsupportedCallbackException if the implementation of this method
+ * does not support one or more of the Callbacks specified in the
+ * <code>callbacks</code> parameter.
+ */
+ void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException;
+}
--- /dev/null
+/* ChoiceCallback.java -- callback for a choice of values.
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * Underlying security services instantiate and pass a
+ * <code>ChoiceCallback</code> to the <code>handle()</code> method of a
+ * {@link CallbackHandler} to display a list of choices and to retrieve the
+ * selected choice(s).
+ *
+ * @see CallbackHandler
+ * @version $Revision: 1.1 $
+ */
+public class ChoiceCallback implements Callback, Serializable
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private String prompt;
+
+ /**
+ * @serial the list of choices.
+ * @since 1.4
+ */
+ private String[] choices;
+
+ /**
+ * @serial the choice to be used as the default choice.
+ * @since 1.4
+ */
+ private int defaultChoice;
+
+ /**
+ * @serial whether multiple selections are allowed from the list of choices.
+ * @since 1.4
+ */
+ private boolean multipleSelectionsAllowed;
+
+ /**
+ * @serial the selected choices, represented as indexes into the choices list.
+ * @since 1.4
+ */
+ private int[] selections;
+
+ // Constructor(s)
+ //--------------------------------------------------------------------------
+
+ /**
+ * Construct a <code>ChoiceCallback</code> with a prompt, a list of choices,
+ * a default choice, and a boolean specifying whether or not multiple
+ * selections from the list of choices are allowed.
+ *
+ * @param prompt the prompt used to describe the list of choices.
+ * @param choices the list of choices.
+ * @param defaultChoice the choice to be used as the default choice when the
+ * list of choices are displayed. This value is represented as an index into
+ * the <code>choices</code> array.
+ * @param multipleSelectionsAllowed boolean specifying whether or not
+ * multiple selections can be made from the list of choices.
+ * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>,
+ * if <code>prompt</code> has a length of <code>0</code>, if <code>choices</code>
+ * is <code>null</code>, if <code>choices</code> has a length of <code>0</code>,
+ * if any element from <code>choices</code> is <code>null</code>, if any
+ * element from <code>choices</code> has a length of <code>0</code> or if
+ * <code>defaultChoice</code> does not fall within the array boundaries of
+ * <code>choices</code>.
+ */
+ public ChoiceCallback(String prompt, String[] choices, int defaultChoice,
+ boolean multipleSelectionsAllowed)
+ {
+ super();
+
+ setPrompt(prompt);
+ setChoices(choices);
+ if (defaultChoice < 0 || defaultChoice >= this.choices.length)
+ {
+ throw new IllegalArgumentException("default choice is out of bounds");
+ }
+ this.defaultChoice = defaultChoice;
+ this.multipleSelectionsAllowed = multipleSelectionsAllowed;
+ }
+
+ // Instance methods
+ // -------------------------------------------------------------------------
+
+ /**
+ * Get the prompt.
+ *
+ * @return the prompt.
+ */
+ public String getPrompt()
+ {
+ return prompt;
+ }
+
+ /**
+ * Get the list of choices.
+ *
+ * @return the list of choices.
+ */
+ public String[] getChoices()
+ {
+ return choices;
+ }
+
+ /**
+ * Get the defaultChoice.
+ *
+ * @return the defaultChoice, represented as an index into the choices list.
+ */
+ public int getDefaultChoice()
+ {
+ return defaultChoice;
+ }
+
+ /**
+ * Get the boolean determining whether multiple selections from the choices
+ * list are allowed.
+ *
+ * @return whether multiple selections are allowed.
+ */
+ public boolean allowMultipleSelections()
+ {
+ return multipleSelectionsAllowed;
+ }
+
+ /**
+ * Set the selected choice.
+ *
+ * @param selection the selection represented as an index into the choices
+ * list.
+ * @see #getSelectedIndexes()
+ */
+ public void setSelectedIndex(int selection)
+ {
+ this.selections = new int[1];
+ this.selections[0] = selection;
+ }
+
+ /**
+ * Set the selected choices.
+ *
+ * @param selections the selections represented as indexes into the choices
+ * list.
+ * @throws UnsupportedOperationException if multiple selections are not
+ * allowed, as determined by <code>allowMultipleSelections</code>.
+ * @see #getSelectedIndexes()
+ */
+ public void setSelectedIndexes(int[] selections)
+ {
+ if (!multipleSelectionsAllowed)
+ {
+ throw new UnsupportedOperationException("not allowed");
+ }
+
+ this.selections = selections;
+ }
+
+ /**
+ * Get the selected choices.
+ *
+ * @return the selected choices, represented as indexes into the choices list.
+ * @see #setSelectedIndexes(int[])
+ */
+ public int[] getSelectedIndexes()
+ {
+ return selections;
+ }
+
+ private void setPrompt(String prompt) throws IllegalArgumentException
+ {
+ if ((prompt == null) || (prompt.length() == 0))
+ {
+ throw new IllegalArgumentException("invalid prompt");
+ }
+ this.prompt = prompt;
+ }
+
+ private void setChoices(String[] choices) throws IllegalArgumentException
+ {
+ if (choices == null || choices.length == 0)
+ {
+ throw new IllegalArgumentException("invalid choices");
+ }
+ for (int i = 0; i < choices.length; i++)
+ {
+ if (choices[i] == null || choices[i].length() == 0)
+ {
+ throw new IllegalArgumentException("invalid choice at index #"+i);
+ }
+ }
+ this.choices = choices;
+ }
+}
--- /dev/null
+/* ConfirmationCallback.java -- callback for confirmations.
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * Underlying security services instantiate and pass a
+ * <code>ConfirmationCallback</code> to the <code>handle()</code> method of a
+ * {@link CallbackHandler} to ask for YES/NO, OK/CANCEL, YES/NO/CANCEL or other
+ * similar confirmations.
+ *
+ * @see CallbackHandler
+ * @version $Revision: 1.1 $
+ */
+public class ConfirmationCallback implements Callback, Serializable
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Unspecified option type.</p>
+ *
+ * <p>The <code>getOptionType</code> method returns this value if this
+ * <code>ConfirmationCallback</code> was instantiated with <code>options</code>
+ * instead of an <code>optionType</code>.</p>
+ */
+ public static final int UNSPECIFIED_OPTION = -1;
+
+ /**
+ * <p>YES/NO confirmation option.</p>
+ *
+ * <p>An underlying security service specifies this as the <code>optionType</code>
+ * to a <code>ConfirmationCallback</code> constructor if it requires a
+ * confirmation which can be answered with either <code>YES</code> or
+ * <code>NO</code>.</p>
+ */
+ public static final int YES_NO_OPTION = 0;
+
+ /**
+ * <p>YES/NO/CANCEL confirmation confirmation option.</p>
+ *
+ * <p>An underlying security service specifies this as the <code>optionType</code>
+ * to a <code>ConfirmationCallback</code> constructor if it requires a
+ * confirmation which can be answered with either <code>YES</code>,
+ * <code>NO</code> or <code>CANCEL</code>.
+ */
+ public static final int YES_NO_CANCEL_OPTION = 1;
+
+ /**
+ * <p>OK/CANCEL confirmation confirmation option.</p>
+ *
+ * <p>An underlying security service specifies this as the <code>optionType</code>
+ * to a <code>ConfirmationCallback</code> constructor if it requires a
+ * confirmation which can be answered with either <code>OK</code> or
+ * <code>CANCEL</code>.</p>
+ */
+ public static final int OK_CANCEL_OPTION = 2;
+
+ /**
+ * <p>YES option.</p>
+ *
+ * <p>If an <code>optionType</code> was specified to this
+ * <code>ConfirmationCallback</code>, this option may be specified as a
+ * <code>defaultOption</code> or returned as the selected index.</p>
+ */
+ public static final int YES = 0;
+
+ /**
+ * <p>NO option.</p>
+ *
+ * <p>If an <code>optionType</code> was specified to this
+ * <code>ConfirmationCallback</code>, this option may be specified as a
+ * <code>defaultOption</code> or returned as the selected index.</p>
+ */
+ public static final int NO = 1;
+
+ /**
+ * <p>CANCEL option.</p>
+ *
+ * <p>If an <code>optionType</code> was specified to this
+ * <code>ConfirmationCallback</code>, this option may be specified as a
+ * <code>defaultOption</code> or returned as the selected index.</p>
+ */
+ public static final int CANCEL = 2;
+
+ /**
+ * <p>OK option.</p>
+ *
+ * <p>If an <code>optionType</code> was specified to this
+ * <code>ConfirmationCallback</code>, this option may be specified as a
+ * <code>defaultOption</code> or returned as the selected index.</p>
+ */
+ public static final int OK = 3;
+
+ /** INFORMATION message type. */
+ public static final int INFORMATION = 0;
+
+ /** WARNING message type. */
+ public static final int WARNING = 1;
+
+ /** ERROR message type. */
+ public static final int ERROR = 2;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private String prompt;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private int messageType;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private int optionType;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private int defaultOption;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private String[] options = null;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private int selection;
+
+ // Constructor(s)
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Construct a <code>ConfirmationCallback</code> with a message type, an
+ * option type and a default option.</p>
+ *
+ * <p>Underlying security services use this constructor if they require
+ * either a YES/NO, YES/NO/CANCEL or OK/CANCEL confirmation.</p>
+ *
+ * @param messageType the message type (INFORMATION, WARNING or ERROR).
+ * @param optionType the option type (YES_NO_OPTION, YES_NO_CANCEL_OPTION or
+ * OK_CANCEL_OPTION).
+ * @param defaultOption the default option from the provided optionType (YES,
+ * NO, CANCEL or OK).
+ * @throws IllegalArgumentException if <code>messageType</code> is not either
+ * <code>INFORMATION</code>, <code>WARNING</code>, or <code>ERROR</code>, if
+ * <code>optionType</code> is not either <code>YES_NO_OPTION</code>,
+ * <code>YES_NO_CANCEL_OPTION</code>, or <code>OK_CANCEL_OPTION</code>, or if
+ * <code>defaultOption</code> does not correspond to one of the options in
+ * <code>optionType</code>.
+ */
+ public ConfirmationCallback(int messageType, int optionType, int defaultOption)
+ throws IllegalArgumentException
+ {
+ super();
+
+ setMessageType(messageType);
+ setOptionType(optionType, defaultOption);
+ this.defaultOption = defaultOption;
+ }
+
+ /**
+ * <p>Construct a <code>ConfirmationCallback</code> with a message type, a
+ * list of options and a default option.</p>
+ *
+ * <p>Underlying security services use this constructor if they require a
+ * confirmation different from the available preset confirmations provided
+ * (for example, CONTINUE/ABORT or STOP/GO). The confirmation options are
+ * listed in the <code>options</code> array, and are displayed by the
+ * {@link CallbackHandler} implementation in a manner consistent with the
+ * way preset options are displayed.</p>
+ *
+ * @param messageType the message type (INFORMATION, WARNING or ERROR).
+ * @param options the list of confirmation options.
+ * @param defaultOption the default option, represented as an index into the
+ * <code>options</code> array.
+ * @throws IllegalArgumentException if <code>messageType</code> is not either
+ * <code>INFORMATION</code>, <code>WARNING</code>, or <code>ERROR</code>, if
+ * <code>options</code> is <code>null</code>, if <code>options</code> has a
+ * length of <code>0</code>, if any element from <code>options</code> is
+ * <code>null</code>, if any element from <code>options</code> has a length
+ * of <code>0</code>, or if <code>defaultOption</code> does not lie within
+ * the array boundaries of <code>options</code>.
+ */
+ public ConfirmationCallback(int messageType, String[] options, int defaultOption)
+ {
+ super();
+
+ setMessageType(messageType);
+ setOptions(options, defaultOption);
+ this.defaultOption = defaultOption;
+ }
+
+ /**
+ * <p>Construct a <code>ConfirmationCallback</code> with a prompt, message
+ * type, an option type and a default option.</p>
+ *
+ * <p>Underlying security services use this constructor if they require
+ * either a YES/NO, YES/NO/CANCEL or OK/CANCEL confirmation.</p>
+ *
+ * @param prompt the prompt used to describe the list of options.
+ * @param messageType the message type (INFORMATION, WARNING or ERROR).
+ * @param optionType the option type (YES_NO_OPTION, YES_NO_CANCEL_OPTION or
+ * OK_CANCEL_OPTION).
+ * @param defaultOption the default option from the provided optionType (YES,
+ * NO, CANCEL or OK).
+ * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>,
+ * if <code>prompt</code> has a length of <code>0</code>, if
+ * <code>messageType</code> is not either <ode>INFORMATION</code>,
+ * <code>WARNING</code>, or <code>ERROR</code>, if <code>optionType</code> is
+ * not either <code>YES_NO_OPTION</code>, <code>YES_NO_CANCEL_OPTION</code>,
+ * or <code>OK_CANCEL_OPTION</code>, or if <code>defaultOption</code> does
+ * not correspond to one of the options in <code>optionType</code>.
+ */
+ public ConfirmationCallback(String prompt, int messageType, int optionType,
+ int defaultOption)
+ {
+ super();
+
+ setPrompt(prompt);
+ setMessageType(messageType);
+ setOptionType(optionType, defaultOption);
+ this.defaultOption = defaultOption;
+ }
+
+ /**
+ * <p>Construct a <code>ConfirmationCallback</code> with a prompt, message
+ * type, a list of options and a default option.</p>
+ *
+ * <p>Underlying security services use this constructor if they require a
+ * confirmation different from the available preset confirmations provided
+ * (for example, CONTINUE/ABORT or STOP/GO). The confirmation options are
+ * listed in the <code>options</code> array, and are displayed by the
+ * {@link CallbackHandler} implementation in a manner consistent with the
+ * way preset options are displayed.</p>
+ *
+ * @param prompt the prompt used to describe the list of options.
+ * @param messageType the message type (INFORMATION, WARNING or ERROR).
+ * @param options the list of confirmation options.
+ * @param defaultOption the default option, represented as an index into the
+ * <code>options</code> array.
+ * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>,
+ * if <code>prompt</code> has a length of <code>0</code>, if
+ * <code>messageType</code> is not either <ode>INFORMATION</code>,
+ * <code>WARNING</code>, or <code>ERROR</code>, if <code>options</code> is
+ * <code>null</code>, if <code>options</code> has a length of <code>0</code>,
+ * if any element from <code>options</code> is <code>null</code>, if any
+ * element from <code>options</code> has a length of <code>0</code>, or if
+ * <code>defaultOption</code> does not lie within the array boundaries of
+ * <code>options</code>.
+ */
+ public ConfirmationCallback(String prompt, int messageType, String[] options,
+ int defaultOption)
+ {
+ super();
+
+ setPrompt(prompt);
+ setMessageType(messageType);
+ setOptions(options, defaultOption);
+ this.defaultOption = defaultOption;
+ }
+
+ // Class methods
+ // -------------------------------------------------------------------------
+
+ // Instance methods
+ // -------------------------------------------------------------------------
+
+ /**
+ * Get the prompt.
+ *
+ * @return the prompt, or <code>null</code> if this
+ * <code>ConfirmationCallback</code> was instantiated without a prompt.
+ */
+ public String getPrompt()
+ {
+ return prompt;
+ }
+
+ /**
+ * Get the message type.
+ *
+ * @return the message type (INFORMATION, WARNING or ERROR).
+ */
+ public int getMessageType()
+ {
+ return messageType;
+ }
+
+ /**
+ * <p>Get the option type.</p>
+ *
+ * <p>If this method returns {@link #UNSPECIFIED_OPTION}, then this
+ * <code>ConfirmationCallback</code> was instantiated with <code>options</code>
+ * instead of an <code>optionType</code>. In this case, invoke the
+ * {@link #getOptions()} method to determine which confirmation options to
+ * display.</p>
+ *
+ * @return the option type (YES_NO_OPTION, YES_NO_CANCEL_OPTION or
+ * OK_CANCEL_OPTION), or UNSPECIFIED_OPTION if this
+ * <code>ConfirmationCallback</code> was instantiated with <code>options</code>
+ * instead of an <code>optionType</code>.
+ */
+ public int getOptionType()
+ {
+ if (options != null)
+ {
+ return UNSPECIFIED_OPTION;
+ }
+ return optionType;
+ }
+
+ /**
+ * Get the confirmation options.
+ *
+ * @return the list of confirmation options, or <code>null</code> if this
+ * <code>ConfirmationCallback</code> was instantiated with an
+ * <code>optionType</code> instead of <code>options</code>.
+ */
+ public String[] getOptions()
+ {
+ return options;
+ }
+
+ /**
+ * Get the default option.
+ *
+ * @return the default option, represented as <code>YES</code>, <code>NO</code>,
+ * <code>OK</code> or <code>CANCEL</code> if an <code>optionType</code> was
+ * specified to the constructor of this <code>ConfirmationCallback</code>.
+ * Otherwise, this method returns the default option as an index into the
+ * <code>options</code> array specified to the constructor of this
+ * <code>ConfirmationCallback</code>.
+ */
+ public int getDefaultOption()
+ {
+ return defaultOption;
+ }
+
+ /**
+ * Set the selected confirmation option.
+ *
+ * @param selection the selection represented as <code>YES</code>,
+ * <code>NO</code>, <code>OK</code> or <code>CANCEL</code> if an
+ * <code>optionType</code> was specified to the constructor of this
+ * <code>ConfirmationCallback</code>. Otherwise, the <code>selection</code>
+ * represents the index into the <code>options</code> array specified to the
+ * constructor of this <code>ConfirmationCallback</code>.
+ * @see #getSelectedIndex()
+ */
+ public void setSelectedIndex(int selection)
+ {
+ if (options != null)
+ {
+ setOptions(options, selection);
+ }
+ else
+ {
+ setOptionType(optionType, selection);
+ }
+ }
+
+ /**
+ * Get the selected confirmation option.
+ *
+ * @return the selected confirmation option represented as <code>YES</code>,
+ * <code>NO</code>, <code>OK</code> or <code>CANCEL</code> if an
+ * <code>optionType</code> was specified to the constructor of this
+ * <code>ConfirmationCallback</code>. Otherwise, this method returns the
+ * selected confirmation option as an index into the <code>options</code>
+ * array specified to the constructor of this <code>ConfirmationCallback</code>.
+ * @see #setSelectedIndex(int)
+ */
+ public int getSelectedIndex()
+ {
+ return this.selection;
+ }
+
+ private void setMessageType(int messageType) throws IllegalArgumentException
+ {
+ switch (messageType)
+ {
+ case INFORMATION:
+ case WARNING:
+ case ERROR: this.messageType = messageType; break;
+ default: throw new IllegalArgumentException("illegal message type");
+ }
+ }
+
+ private void setOptionType(int optionType, int selectedOption)
+ throws IllegalArgumentException
+ {
+ switch (optionType)
+ {
+ case YES_NO_OPTION:
+ this.optionType = optionType;
+ switch (selectedOption)
+ {
+ case YES:
+ case NO: this.selection = selectedOption; break;
+ default: throw new IllegalArgumentException("invalid option");
+ }
+ break;
+ case YES_NO_CANCEL_OPTION:
+ this.optionType = optionType;
+ switch (selectedOption)
+ {
+ case YES:
+ case NO:
+ case CANCEL: this.selection = selectedOption; break;
+ default: throw new IllegalArgumentException("invalid option");
+ }
+ break;
+ case OK_CANCEL_OPTION:
+ this.optionType = optionType;
+ switch (selectedOption)
+ {
+ case OK:
+ case CANCEL: this.selection = selectedOption; break;
+ default: throw new IllegalArgumentException("invalid option");
+ }
+ break;
+ default:
+ throw new IllegalArgumentException("illegal option type");
+ }
+ }
+
+ private void setOptions(String[] options, int selectedOption)
+ throws IllegalArgumentException
+ {
+ if ((selectedOption < 0) || (selectedOption > options.length - 1))
+ {
+ throw new IllegalArgumentException("invalid selection");
+ }
+ if ((options == null) || (options.length == 0))
+ {
+ throw new IllegalArgumentException("options is null or empty");
+ }
+ for (int i = 0; i < options.length; i++)
+ {
+ if ((options[i] == null) || (options[i].length() == 0))
+ {
+ throw new IllegalArgumentException("options[" + i + "] is null or empty");
+ }
+ }
+ this.options = options;
+ this.selection = selectedOption;
+ }
+
+ private void setPrompt(String prompt) throws IllegalArgumentException
+ {
+ if ((prompt == null) || (prompt.length() == 0))
+ {
+ throw new IllegalArgumentException("prompt is null or empty");
+ }
+ this.prompt = prompt;
+ }
+}
--- /dev/null
+/* LanguageCallback.java -- callback for language choices.
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+import java.util.Locale;
+
+/**
+ * Underlying security services instantiate and pass a <code>LanguageCallback</code>
+ * to the <code>handle()</code> method of a {@link CallbackHandler} to retrieve
+ * the {@link Locale} used for localizing text.
+ *
+ * @see CallbackHandler
+ * @version $Revision: 1.1 $
+ */
+public class LanguageCallback implements Callback, Serializable
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private Locale locale;
+
+ // Constructor(s)
+ // -------------------------------------------------------------------------
+
+ /** Construct a <code>LanguageCallback</code>. */
+ public LanguageCallback()
+ {
+ super();
+ }
+
+ // Class methods
+ // -------------------------------------------------------------------------
+
+ // Instance methods
+ // -------------------------------------------------------------------------
+
+ /**
+ * Set the retrieved Locale.
+ *
+ * @param locale the retrieved Locale.
+ * @see #getLocale()
+ */
+ public void setLocale(Locale locale)
+ {
+ this.locale = locale;
+ }
+
+ /**
+ * Get the retrieved Locale.
+ *
+ * @return the retrieved Locale, or <code>null</code> if no Locale could be
+ * retrieved.
+ * @see #setLocale(Locale)
+ */
+ public Locale getLocale()
+ {
+ return locale;
+ }
+}
--- /dev/null
+/* NameCallback.java -- callback for user names.
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * Underlying security services instantiate and pass a <code>NameCallback</code>
+ * to the <code>handle()</code> method of a {@link CallbackHandler} to retrieve
+ * name information.
+ *
+ * @see CallbackHandler
+ * @version $Revision: 1.1 $
+ */
+public class NameCallback implements Callback, Serializable
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private String prompt;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private String defaultName;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private String inputName;
+
+ // Constructor(s)
+ // -------------------------------------------------------------------------
+
+ /**
+ * Construct a <code>NameCallback</code> with a prompt.
+ *
+ * @param prompt the prompt used to request the name.
+ * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>
+ * or if <code>prompt</code> has a length of <code>0</code>.
+ */
+ public NameCallback(String prompt)
+ {
+ super();
+
+ setPrompt(prompt);
+ }
+
+ /**
+ * Construct a <code>NameCallback</code> with a prompt and default name.
+ *
+ * @param prompt the prompt used to request the information.
+ * @param defaultName the name to be used as the default name displayed with
+ * the prompt.
+ * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>
+ * or if <code>prompt</code> has a length of <code>0</code>, if
+ * <code>defaultName</code> is <code>null</code>, or if <code>defaultName</code>
+ * has a length of <code>0</code>.
+ */
+ public NameCallback(String prompt, String defaultName)
+ throws IllegalArgumentException
+ {
+ super();
+
+ setPrompt(prompt);
+ setDefaultName(defaultName);
+ }
+
+ // Class methods
+ // -------------------------------------------------------------------------
+
+ // Instance methods
+ // -------------------------------------------------------------------------
+
+ /**
+ * Get the prompt.
+ *
+ * @return the prompt.
+ */
+ public String getPrompt()
+ {
+ return prompt;
+ }
+
+ /**
+ * Get the default name.
+ *
+ * @return the default name, or <code>null</code> if this
+ * <code>NameCallback</code> was not instantiated with a
+ * <code>defaultName</code>.
+ */
+ public String getDefaultName()
+ {
+ return defaultName;
+ }
+
+ /**
+ * Set the retrieved name.
+ *
+ * @param name the retrieved name (which may be <code>null</code>).
+ * @see #getName()
+ */
+ public void setName(String name)
+ {
+ this.inputName = name;
+ }
+
+ /**
+ * Get the retrieved name.
+ *
+ * @return the retrieved name (which may be <code>null</code>)
+ * @see #setName(String)
+ */
+ public String getName()
+ {
+ return inputName;
+ }
+
+ private void setPrompt(String prompt) throws IllegalArgumentException
+ {
+ if ((prompt == null) || (prompt.length() == 0))
+ {
+ throw new IllegalArgumentException("invalid prompt");
+ }
+ this.prompt = prompt;
+ }
+
+ private void setDefaultName(String defaultName) throws IllegalArgumentException
+ {
+ if ((defaultName == null) || (defaultName.length() == 0))
+ {
+ throw new IllegalArgumentException("invalid default name");
+ }
+ this.defaultName = defaultName;
+ }
+}
--- /dev/null
+/* PasswordCallback.java -- callback for passwords.
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * Underlying security services instantiate and pass a <code>PasswordCallback</code>
+ * to the <code>handle()</code> method of a {@link CallbackHandler} to retrieve
+ * password information.
+ *
+ * @see CallbackHandler,
+ * @version $Revision: 1.1 $
+ */
+public class PasswordCallback implements Callback, Serializable
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private String prompt;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private boolean echoOn;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private char[] inputPassword;
+
+ // Constructor(s)
+ // -------------------------------------------------------------------------
+
+ /**
+ * Construct a <code>PasswordCallback</code> with a prompt and a boolean
+ * specifying whether the password should be displayed as it is being typed.
+ *
+ * @param prompt the prompt used to request the password.
+ * @param echoOn <code>true</code> if the password should be displayed as it
+ * is being typed.
+ * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>
+ * or if <code>prompt</code> has a length of <code>0</code>.
+ */
+ public PasswordCallback(String prompt, boolean echoOn)
+ {
+ super();
+
+ setPrompt(prompt);
+ this.echoOn = echoOn;
+ }
+
+ // Class methods
+ // -------------------------------------------------------------------------
+
+ // Instance methods
+ // -------------------------------------------------------------------------
+
+ /**
+ * Get the prompt.
+ *
+ * @return the prompt.
+ */
+ public String getPrompt()
+ {
+ return prompt;
+ }
+
+ /**
+ * Return whether the password should be displayed as it is being typed.
+ *
+ * @return the whether the password should be displayed as it is being typed.
+ */
+ public boolean isEchoOn()
+ {
+ return echoOn;
+ }
+
+ /**
+ * <p>Set the retrieved password.</p>
+ *
+ * <p>This method makes a copy of the input password before storing it.</p>
+ *
+ * @param password the retrieved password, which may be <code>null</code>.
+ * @see #getPassword()
+ */
+ public void setPassword(char[] password)
+ {
+ inputPassword = (password == null ? null : (char[]) password.clone());
+ }
+
+ /**
+ * <p>Get the retrieved password.</p>
+ *
+ * <p>This method returns a copy of the retrieved password.</p>
+ *
+ * @return the retrieved password, which may be <code>null</code>.
+ * @see #setPassword(char[])
+ */
+ public char[] getPassword()
+ {
+ return (inputPassword == null ? null : (char[]) inputPassword.clone());
+ }
+
+ /** Clear the retrieved password. */
+ public void clearPassword()
+ {
+ if (inputPassword != null)
+ {
+ for (int i = 0; i < inputPassword.length; i++)
+ {
+ inputPassword[i] = '\0';
+ }
+ inputPassword = null;
+ }
+ }
+
+ private void setPrompt(String prompt) throws IllegalArgumentException
+ {
+ if ((prompt == null) || (prompt.length() == 0))
+ {
+ throw new IllegalArgumentException("invalid prompt");
+ }
+ this.prompt = prompt;
+ }
+}
--- /dev/null
+/* TextInputCallback.java -- callbacks for user input.
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * Underlying security services instantiate and pass a <code>TextInputCallback</code>
+ * to the <code>handle()</code> method of a {@link CallbackHandler} to retrieve
+ * generic text information.
+ *
+ * @see CallbackHandler
+ * @version $Revision: 1.1 $
+ */
+public class TextInputCallback implements Callback, Serializable
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private String prompt;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private String defaultText;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private String inputText;
+
+ // Constructor(s)
+ // -------------------------------------------------------------------------
+
+ /**
+ * Construct a <code>TextInputCallback</code> with a prompt.
+ *
+ * @param prompt the prompt used to request the information.
+ * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>
+ * or if <code>prompt</code> has a length of <code>0</code>.
+ */
+ public TextInputCallback(String prompt) throws IllegalArgumentException
+ {
+ super();
+
+ setPrompt(prompt);
+ }
+
+ /**
+ * Construct a <code>TextInputCallback</code> with a prompt and default
+ * input value.
+ *
+ * @param prompt the prompt used to request the information.
+ * @param defaultText the text to be used as the default text displayed with
+ * the prompt.
+ * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>,
+ * if <code>prompt</code> has a length of <code>0</code>, if
+ * <code>defaultText</code> is <code>null</code> or if <code>defaultText</code>
+ * has a length of <code>0</code>.
+ */
+ public TextInputCallback(String prompt, String defaultText)
+ throws IllegalArgumentException
+ {
+ super();
+
+ setPrompt(prompt);
+ setDefaultText(defaultText);
+ }
+
+ // Class methods
+ // -------------------------------------------------------------------------
+
+ // Instance methods
+ // -------------------------------------------------------------------------
+
+ /**
+ * Get the prompt.
+ *
+ * @return the prompt.
+ */
+ public String getPrompt()
+ {
+ return prompt;
+ }
+
+ /**
+ * Get the default text.
+ *
+ * @return the default text, or <code>null</code> if this
+ * <code>TextInputCallback</code> was not instantiated with
+ * <code>defaultText</code>.
+ */
+ public String getDefaultText()
+ {
+ return defaultText;
+ }
+
+ /**
+ * Set the retrieved text.
+ *
+ * @param text the retrieved text, which may be <code>null</code>.
+ */
+ public void setText(String text)
+ {
+ this.inputText = text;
+ }
+
+ /**
+ * Get the retrieved text.
+ *
+ * @return the retrieved text, which may be <code>null</code>.
+ */
+ public String getText()
+ {
+ return inputText;
+ }
+
+ private void setPrompt(String prompt) throws IllegalArgumentException
+ {
+ if ((prompt == null) || (prompt.length() == 0))
+ {
+ throw new IllegalArgumentException("invalid prompt");
+ }
+ this.prompt = prompt;
+ }
+
+ private void setDefaultText(String defaultText) throws IllegalArgumentException
+ {
+ if ((defaultText == null) || (defaultText.length() == 0))
+ {
+ throw new IllegalArgumentException("invalid default text");
+ }
+ this.defaultText = defaultText;
+ }
+}
--- /dev/null
+/* TextOutputCallback.java -- callback for text output.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * <p>Underlying security services instantiate and pass a
+ * <code>TextOutputCallback</code> to the <code>handle()</code> method of a
+ * {@link CallbackHandler} to display information messages, warning messages and
+ * error messages.</p>
+ *
+ * @see CallbackHandler
+ * @version $Revision: 1.2 $
+ */
+public class TextOutputCallback implements Callback, Serializable
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ /** Information message */
+ public static final int INFORMATION = 0;
+
+ /** Warning message */
+ public static final int WARNING = 1;
+
+ /** Error message */
+ public static final int ERROR = 2;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private int messageType;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private String message;
+
+ // Constructor(s)
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Construct a <code>TextOutputCallback</code> with a message type and
+ * message to be displayed.</p>
+ *
+ * @param messageType the message type (INFORMATION, WARNING or ERROR).
+ * @param message the message to be displayed.
+ * @throws IllegalArgumentException if <code>messageType</code> is not either
+ * <code>INFORMATION</code>, <code>WARNING</code> or <code>ERROR</code>, if
+ * <code>message</code> is <code>null</code>, or if <code>message</code> has
+ * a length of <code>0</code>.
+ */
+ public TextOutputCallback(int messageType, String message)
+ throws IllegalArgumentException
+ {
+ switch (messageType)
+ {
+ case INFORMATION:
+ case WARNING:
+ case ERROR: this.messageType = messageType; break;
+ default: throw new IllegalArgumentException("invalid message type");
+ }
+
+ setMessage(message);
+ }
+
+ // Class methods
+ // -------------------------------------------------------------------------
+
+ // Instance methods
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Returns the message's <code>messageType</code>.</p>
+ *
+ * @return the message type (INFORMATION, WARNING or ERROR).
+ */
+ public int getMessageType()
+ {
+ return messageType;
+ }
+
+ /**
+ * <p>Returns the <code>message</code> to be displayed.</p>
+ *
+ * @return the message to be displayed.
+ */
+ public String getMessage()
+ {
+ return message;
+ }
+
+ private void setMessage(String message) throws IllegalArgumentException
+ {
+ if ((message == null) || (message.length() == 0))
+ {
+ throw new IllegalArgumentException("invalid message");
+ }
+ this.message = message;
+ }
+}
--- /dev/null
+/* UnsupportedCallbackException.java -- signals an unsupported callback type.
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+/**
+ * Signals that a {@link CallbackHandler} does not recognize a particular
+ * {@link Callback}.
+ *
+ * @version $Revision: 1.1 $
+ */
+public class UnsupportedCallbackException extends Exception
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ /** @serial */
+ private Callback callback;
+
+ // Constructor(s)
+ // -------------------------------------------------------------------------
+
+ /**
+ * Constructs an <code>UnsupportedCallbackException</code> with no detail
+ * message.
+ *
+ * @param callback the unrecognized {@link Callback}.
+ */
+ public UnsupportedCallbackException(Callback callback)
+ {
+ super();
+
+ this.callback = callback;
+ }
+
+ /**
+ * Constructs an <code>UnsupportedCallbackException</code> with the specified
+ * detail message. A detail message is a {@link String} that describes this
+ * particular exception.
+ *
+ * @param callback the unrecognized {@link Callback}.
+ * @param msg the detail message.
+ */
+ public UnsupportedCallbackException(Callback callback, String msg)
+ {
+ super(msg);
+
+ this.callback = callback;
+ }
+
+ // Class methods
+ // -------------------------------------------------------------------------
+
+ // Instance methods
+ // -------------------------------------------------------------------------
+
+ /**
+ * Get the unrecognized {@link Callback}.
+ *
+ * @return the unrecognized {@link Callback}.
+ */
+ public Callback getCallback()
+ {
+ return this.callback;
+ }
+}
--- /dev/null
+/* AccountExpiredException.java
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+/**
+ * An exception that signals that an attempt was made to login to an account
+ * that has expired.
+ */
+public class AccountExpiredException extends LoginException
+{
+
+ // Constant.
+ // -------------------------------------------------------------------------
+
+ private static final long serialVersionUID = -6064064890162661560L;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ public AccountExpiredException()
+ {
+ }
+
+ public AccountExpiredException (String message)
+ {
+ super (message);
+ }
+}
--- /dev/null
+/* AppConfigurationEntry.java
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+public class AppConfigurationEntry
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private final String loginModuleName;
+ private final LoginModuleControlFlag controlFlag;
+ private final Map options;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public AppConfigurationEntry (final String loginModuleName,
+ final LoginModuleControlFlag controlFlag,
+ final Map options)
+ {
+ if (loginModuleName == null || loginModuleName.length() == 0)
+ throw new IllegalArgumentException ("module name cannot be null nor empty");
+ if (LoginModuleControlFlag.OPTIONAL != controlFlag &&
+ LoginModuleControlFlag.REQUIRED != controlFlag &&
+ LoginModuleControlFlag.REQUISITE != controlFlag &&
+ LoginModuleControlFlag.SUFFICIENT != controlFlag)
+ throw new IllegalArgumentException ("invalid controlFlag");
+ if (options == null)
+ throw new IllegalArgumentException ("options cannot be null");
+ this.loginModuleName = loginModuleName;
+ this.controlFlag = controlFlag;
+ this.options = Collections.unmodifiableMap (new HashMap (options));
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public LoginModuleControlFlag getControlFlag()
+ {
+ return controlFlag;
+ }
+
+ public String getLoginModuleName()
+ {
+ return loginModuleName;
+ }
+
+ public Map getOptions()
+ {
+ return options;
+ }
+
+\f// Inner class.
+ // -------------------------------------------------------------------------
+
+ public static class LoginModuleControlFlag
+ {
+
+ // Constants.
+ // -----------------------------------------------------------------------
+
+ public static final LoginModuleControlFlag OPTIONAL = new LoginModuleControlFlag();
+ public static final LoginModuleControlFlag REQUIRED = new LoginModuleControlFlag();
+ public static final LoginModuleControlFlag REQUISITE = new LoginModuleControlFlag();
+ public static final LoginModuleControlFlag SUFFICIENT = new LoginModuleControlFlag();
+
+ // Constructor.
+ // -----------------------------------------------------------------------
+
+ private LoginModuleControlFlag()
+ {
+ }
+
+ // Instance methods.
+ // -----------------------------------------------------------------------
+
+ public String toString()
+ {
+ StringBuffer buf = new StringBuffer (LoginModuleControlFlag.class.getName());
+ buf.append ('.');
+ if (this == OPTIONAL)
+ buf.append ("OPTIONAL");
+ else if (this == REQUIRED)
+ buf.append ("REQUIRED");
+ else if (this == REQUISITE)
+ buf.append ("REQUISITE");
+ else if (this == SUFFICIENT)
+ buf.append ("SUFFICIENT");
+ else
+ buf.append ("HARVEY_THE_RABBIT");
+ return buf.toString();
+ }
+ }
+}
--- /dev/null
+/* Configuration.java
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.Security;
+
+import javax.security.auth.AuthPermission;
+
+public abstract class Configuration
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private static Configuration config;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ protected Configuration()
+ {
+ }
+
+ // Class methods.
+ // -------------------------------------------------------------------------
+
+ public static synchronized Configuration getConfiguration()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission (new AuthPermission ("getLoginConfiguration"));
+ if (config == null)
+ {
+ String conf = (String) AccessController.doPrivileged
+ (new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return Security.getProperty ("login.configuration.provider");
+ }
+ });
+ try
+ {
+ if (conf != null)
+ config = (Configuration) Class.forName (conf).newInstance();
+ else
+ config = new NullConfiguration();
+ }
+ catch (Exception x)
+ {
+ config = new NullConfiguration();
+ }
+ }
+ return config;
+ }
+
+ public static synchronized void setConfiguration (Configuration config)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission (new AuthPermission ("setLoginConfiguration"));
+ Configuration.config = config;
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ public abstract AppConfigurationEntry[] getAppConfigurationEntry (String applicationName);
+
+ public abstract void refresh();
+}
--- /dev/null
+/* CredentialExpiredException.java
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+/**
+ * An exception that signals an attempt to login with a credential that
+ * has expired.
+ */
+public class CredentialExpiredException extends LoginException
+{
+
+ // Constant.
+ // -------------------------------------------------------------------------
+
+ private static final long serialVersionUID = -5344739593859737937L;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ public CredentialExpiredException()
+ {
+ }
+
+ public CredentialExpiredException (String message)
+ {
+ super (message);
+ }
+}
--- /dev/null
+/* FailedLoginException.java
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+/**
+ * An exception that signals that an attempt to login was unsuccessful.
+ */
+public class FailedLoginException extends LoginException
+{
+
+ // Constant.
+ // -------------------------------------------------------------------------
+
+ private static final long serialVersionUID = 802556922354616286L;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ public FailedLoginException()
+ {
+ }
+
+ public FailedLoginException (String message)
+ {
+ super (message);
+ }
+}
--- /dev/null
+/* LoginContext.java
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+public class LoginContext
+{
+
+}
--- /dev/null
+/* LoginException.java
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * A general exception during authentication and authorization.
+ */
+public class LoginException extends GeneralSecurityException
+{
+
+ // Constant.
+ // -------------------------------------------------------------------------
+
+ private static final long serialVersionUID = -4679091624035232488L;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ public LoginException()
+ {
+ }
+
+ public LoginException (String message)
+ {
+ super (message);
+ }
+}
--- /dev/null
+/* NullConfiguration.java -- no-op default login configuration.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+import javax.security.auth.AuthPermission;
+
+final class NullConfiguration extends Configuration
+{
+
+ // Contructor.
+ // -------------------------------------------------------------------------
+
+ NullConfiguration()
+ {
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public AppConfigurationEntry[] getAppConfigurationEntry (String applicationName)
+ {
+ return null;
+ }
+
+ public void refresh()
+ {
+ }
+}
--- /dev/null
+/* X500PrivateCredential.java -- certificate and private key pair.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.x500;
+
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import javax.security.auth.Destroyable;
+
+/**
+ * A pairing of a {@link X509Certificate} and its corresponding {@link
+ * PrivateKey}, with an optional keystore alias.
+ */
+public final class X500PrivateCredential implements Destroyable
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private PrivateKey key;
+ private X509Certificate certificate;
+ private String alias;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Creates a new private credential with no associated keystore alias.
+ *
+ * @param certificate The X.509 certificate.
+ * @param key The private key.
+ * @throws IllegalArgumentException If either parameter is null.
+ */
+ public X500PrivateCredential (X509Certificate certificate, PrivateKey key)
+ {
+ if (certificate == null || key == null)
+ throw new IllegalArgumentException();
+ this.certificate = certificate;
+ this.key = key;
+ }
+
+ /**
+ * Creates a new private credential with a keystore alias.
+ *
+ * @param certificate The X.509 certificate.
+ * @param key The private key.
+ * @param alias The keystore alias for this credential.
+ * @throws IllegalArgumentException If any parameter is null.
+ */
+ public X500PrivateCredential (X509Certificate certificate, PrivateKey key,
+ String alias)
+ {
+ this (certificate, key);
+ if (alias == null)
+ throw new IllegalArgumentException();
+ this.alias = alias;
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns the certificate of this credential.
+ *
+ * @return The certificate of this credential.
+ */
+ public X509Certificate getCertificate()
+ {
+ return certificate;
+ }
+
+ /**
+ * Returns the private key of this credential.
+ *
+ * @return The private key of this credential.
+ */
+ public PrivateKey getPrivateKey()
+ {
+ return key;
+ }
+
+ /**
+ * Returns the keystore alias of this credential, or null if not present.
+ *
+ * @return The keystore alias, or null.
+ */
+ public String getAlias()
+ {
+ return alias;
+ }
+
+ /**
+ * Destroy the sensitive data of this credential, setting the certificate,
+ * private key, and keystore alias to null.
+ */
+ public void destroy()
+ {
+ certificate = null;
+ key = null;
+ alias = null;
+ }
+
+ /**
+ * Tells whether or not this credential has been destroyed, and that
+ * the certificate and private key fields are null.
+ *
+ * @return True if this object has been destroyed.
+ */
+ public boolean isDestroyed()
+ {
+ return certificate == null && key == null;
+ }
+}
--- /dev/null
+/* Certificate.java -- base class of public-key certificates.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.cert;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.SignatureException;
+
+import java.util.Arrays;
+import java.util.zip.Adler32;
+
+/**
+ * <p>The base class for public-key certificates.</p>
+ *
+ * <p><b>This class is deprecated in favor of the {@link
+ * java.security.cert.Certificate} class. It should not be used in new
+ * applications.</b></p>
+ */
+public abstract class Certificate
+{
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ public Certificate()
+ {
+ super();
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Tests if this certificate equals another.</p>
+ *
+ * @param other The object to test.
+ * @return True if the certificates are equal.
+ */
+ public boolean equals(Object other)
+ {
+ if (other == null || !(other instanceof Certificate))
+ {
+ return false;
+ }
+ if (other == this)
+ {
+ return true;
+ }
+ try
+ {
+ return Arrays.equals(getEncoded(), ((Certificate) other).getEncoded());
+ }
+ catch (CertificateEncodingException cee)
+ {
+ return false;
+ }
+ }
+
+ /**
+ * <p>Computes a hash code for this certificate.</p>
+ *
+ * @return The hash code.
+ */
+ public int hashCode()
+ {
+ try
+ {
+ Adler32 csum = new Adler32();
+ csum.update(getEncoded());
+ return (int) csum.getValue();
+ }
+ catch (CertificateEncodingException cee)
+ {
+ return 0;
+ }
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Return the encoded form of this certificate.</p>
+ *
+ * @return The encoded form.
+ * @throws CertificateEncodingException If the certificate could not be
+ * encoded.
+ */
+ public abstract byte[] getEncoded() throws CertificateEncodingException;
+
+ /**
+ * <p>Verifies the signature of this certificate.</p>
+ *
+ * @param key The signer's public key.
+ * @throws CertificateException
+ * @throws NoSuchAlgorithmException If the algorithm used to sign the
+ * certificate is not available.
+ * @throws InvalidKeyException If the supplied key is not appropriate for the
+ * certificate's signature algorithm.
+ * @throws NoSuchProviderException
+ * @throws SignatureException If the signature could not be verified.
+ */
+ public abstract void verify(PublicKey key)
+ throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,
+ NoSuchProviderException, SignatureException;
+
+ /**
+ * <p>Verifies the signature of this certificate, using the specified security
+ * provider.</p>
+ *
+ * @param key The signer's public key.
+ * @param sigProvider The name of the signature provider.
+ * @throws CertificateException
+ * @throws NoSuchAlgorithmException If the algorithm used to sign the
+ * certificate is not available.
+ * @throws InvalidKeyException If the supplied key is not appropriate for the
+ * certificate's signature algorithm.
+ * @throws NoSuchProviderException If <i>sigProvider</i> is not the name of an
+ * installed provider.
+ * @throws SignatureException If the signature could not be verified.
+ */
+ public abstract void verify(PublicKey key, String sigProvider)
+ throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,
+ NoSuchProviderException, SignatureException;
+
+ /**
+ * <p>Returns a printable representation of this certificate.</p>
+ *
+ * @return The string.
+ */
+ public abstract String toString();
+
+ /**
+ * <p>Returns this certificate's public key.</p>
+ *
+ * @return The public key.
+ */
+ public abstract PublicKey getPublicKey();
+}
--- /dev/null
+/* CertificateEncodingException.java -- certificate encoding exception.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.cert;
+
+/**
+ * <p>Signals a problem when encoding certificates.</p>
+ *
+ * <p><b>This class is deprecated in favor of the {@link
+ * java.security.cert.CertificateEncodingException} class. It should not be used
+ * in new applications.</b></p>
+ */
+public class CertificateEncodingException extends CertificateException
+{
+
+ public CertificateEncodingException()
+ {
+ super();
+ }
+
+ public CertificateEncodingException(String msg)
+ {
+ super(msg);
+ }
+}
--- /dev/null
+/* CertificateException.java -- certificate exception.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.cert;
+
+/**
+ * <p>Signals a generic problem with certificates.</p>
+ *
+ * <p><b>This class is deprecated in favor of the {@link
+ * java.security.cert.CertificateException} class. It should not be used in new
+ * applications.</b></p>
+ */
+public class CertificateException extends Exception
+{
+
+ public CertificateException()
+ {
+ super();
+ }
+
+ public CertificateException(String msg)
+ {
+ super(msg);
+ }
+}
--- /dev/null
+/* CertificateExpiredException.java -- certificate expired exception.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.cert;
+
+/**
+ * <p>Signals that a certificate has expired.</p>
+ *
+ * <p><b>This class is deprecated in favor of the {@link
+ * java.security.cert.CertificateExpiredException} class. It should not be used
+ * in new applications.</b></p>
+ */
+public class CertificateExpiredException extends CertificateException
+{
+
+ public CertificateExpiredException()
+ {
+ super();
+ }
+
+ public CertificateExpiredException(String msg)
+ {
+ super(msg);
+ }
+}
--- /dev/null
+/* CertificateNotYetValidException.java -- certificate not yet valid exception.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.cert;
+
+/**
+ * <p>Signals that a certificate is not yet valid.</p>
+ *
+ * <p><b>This class is deprecated in favor of the {@link
+ * java.security.cert.CertificateNotYetValidException} class. It should not be
+ * used in new applications.</b></p>
+ */
+public class CertificateNotYetValidException extends CertificateException
+{
+
+ public CertificateNotYetValidException()
+ {
+ super();
+ }
+
+ public CertificateNotYetValidException(String msg)
+ {
+ super(msg);
+ }
+}
--- /dev/null
+/* CertificateParsingException.java -- certificate parsing exception.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.cert;
+
+/**
+ * <p>Signals a parsing error when decoding a certificate.</p>
+ *
+ * <p><b>This class is deprecated. It should not be used in new
+ * applications.</b></p>
+ */
+public class CertificateParsingException extends CertificateException
+{
+
+ public CertificateParsingException()
+ {
+ super();
+ }
+
+ public CertificateParsingException(String msg)
+ {
+ super(msg);
+ }
+}
--- /dev/null
+/* X509CertBridge.java -- bridge between JDK and JSSE cert APIs.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.cert;
+
+import java.math.BigInteger;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.Principal;
+import java.security.SignatureException;
+
+import java.util.Date;
+
+/**
+ * <p>An implementation of the {@link X509Certificate} class that delegates
+ * calls to a {@link java.security.cert.X509Certificate}.</p>
+ */
+final class X509CertBridge extends X509Certificate
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private java.security.cert.X509Certificate cert;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ X509CertBridge(java.security.cert.X509Certificate cert)
+ {
+ this.cert = cert;
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public byte[] getEncoded() throws CertificateEncodingException
+ {
+ try
+ {
+ return cert.getEncoded();
+ }
+ catch (java.security.cert.CertificateEncodingException cee)
+ {
+ throw new CertificateEncodingException(cee.getMessage());
+ }
+ }
+
+ public void verify(PublicKey key)
+ throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,
+ NoSuchProviderException, SignatureException
+ {
+ try
+ {
+ cert.verify(key);
+ }
+ catch (java.security.cert.CertificateException ce)
+ {
+ throw new CertificateException(ce.getMessage());
+ }
+ }
+
+ public void verify(PublicKey key, String sigProvider)
+ throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,
+ NoSuchProviderException, SignatureException
+ {
+ try
+ {
+ cert.verify(key, sigProvider);
+ }
+ catch (java.security.cert.CertificateException ce)
+ {
+ throw new CertificateException(ce.getMessage());
+ }
+ }
+
+ public String toString()
+ {
+ return cert.toString();
+ }
+
+ public PublicKey getPublicKey()
+ {
+ return cert.getPublicKey();
+ }
+
+ public void checkValidity()
+ throws CertificateExpiredException, CertificateNotYetValidException
+ {
+ try
+ {
+ cert.checkValidity();
+ }
+ catch (java.security.cert.CertificateExpiredException cee)
+ {
+ throw new CertificateExpiredException(cee.getMessage());
+ }
+ catch (java.security.cert.CertificateNotYetValidException cnyve)
+ {
+ throw new CertificateNotYetValidException(cnyve.getMessage());
+ }
+ }
+
+ public void checkValidity(Date date)
+ throws CertificateExpiredException, CertificateNotYetValidException
+ {
+ try
+ {
+ cert.checkValidity(date);
+ }
+ catch (java.security.cert.CertificateExpiredException cee)
+ {
+ throw new CertificateExpiredException(cee.getMessage());
+ }
+ catch (java.security.cert.CertificateNotYetValidException cnyve)
+ {
+ throw new CertificateNotYetValidException(cnyve.getMessage());
+ }
+ }
+
+ public int getVersion()
+ {
+ return cert.getVersion();
+ }
+
+ public BigInteger getSerialNumber()
+ {
+ return cert.getSerialNumber();
+ }
+
+ public Principal getIssuerDN()
+ {
+ return cert.getIssuerDN();
+ }
+
+ public Principal getSubjectDN()
+ {
+ return cert.getSubjectDN();
+ }
+
+ public Date getNotBefore()
+ {
+ return cert.getNotBefore();
+ }
+
+ public Date getNotAfter()
+ {
+ return cert.getNotAfter();
+ }
+
+ public String getSigAlgName()
+ {
+ return cert.getSigAlgName();
+ }
+
+ public String getSigAlgOID()
+ {
+ return cert.getSigAlgOID();
+ }
+
+ public byte[] getSigAlgParams()
+ {
+ return cert.getSigAlgParams();
+ }
+}
--- /dev/null
+/* X509Certificate.java -- base class of X.509 certificates.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.cert;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.io.IOException;
+
+import java.math.BigInteger;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.Principal;
+import java.security.cert.CertificateFactory;
+
+import java.util.Date;
+
+/**
+ * <p>The base class of all X.509 certificates.</p>
+ *
+ * <p><b>This class is deprecated in favor of the {@link
+ * java.security.cert.X509Certificate} class. It should not be used in new
+ * applications.</b></p>
+ */
+public abstract class X509Certificate extends Certificate
+{
+
+ // Class methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Get an instance of X509Certificate for the given encoded bytes.</p>
+ *
+ * @param encoded The encoded certificate.
+ * @return An instance of X509Certificate.
+ * @throws CertificateException If the encoded certificate cannot be parsed.
+ */
+ public static X509Certificate getInstance(byte[] encoded)
+ throws CertificateException
+ {
+ return getInstance(new ByteArrayInputStream(encoded));
+ }
+
+ /**
+ * <p>Get an instance of X509Certificate for the given encoded stream.</p>
+ *
+ * @param encoded The encoded certificate stream..
+ * @return An instance of X509Certificate.
+ * @throws CertificateException If the encoded certificate cannot be parsed.
+ */
+ public static X509Certificate getInstance(InputStream encoded)
+ throws CertificateException
+ {
+ try
+ {
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ return new X509CertBridge((java.security.cert.X509Certificate)
+ cf.generateCertificate(encoded));
+ }
+ catch (java.security.cert.CertificateException ce)
+ {
+ throw new CertificateException(ce.getMessage());
+ }
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Check if this certificate is valid now.</p>
+ *
+ * @throws CertificateExpiredException If the certificate has expired.
+ * @throws CertificateNotYetValidException If the certificate is not yet valid.
+ * @see #checkValidity(java.util.Date)
+ */
+ public abstract void checkValidity()
+ throws CertificateExpiredException, CertificateNotYetValidException;
+
+ /**
+ * <p>Check if this certificate is valid for the given date.</p>
+ *
+ * @param date The date to check.
+ * @throws CertificateExpiredException If the certificate has expired.
+ * @throws CertificateNotYetValidException If the certificate is not yet valid.
+ */
+ public abstract void checkValidity(Date date)
+ throws CertificateExpiredException, CertificateNotYetValidException;
+
+ /**
+ * <p>Returns the X.509 version number.</p>
+ *
+ * @return The version number.
+ */
+ public abstract int getVersion();
+
+ /**
+ * <p>Returns this certificate's serial number.</p>
+ *
+ * @return The serial number.
+ */
+ public abstract BigInteger getSerialNumber();
+
+ /**
+ * <p>Returns the distinguished name of this certificate's issuer.</p>
+ *
+ * @return The issuer's distinguished name.
+ */
+ public abstract Principal getIssuerDN();
+
+ /**
+ * <p>Returns the distinguished name of this certificate's subject.</p>
+ *
+ * @return The subject's distinguished name.
+ */
+ public abstract Principal getSubjectDN();
+
+ /**
+ * <p>Returns the <i>not before</i> portion of this certificate's validity
+ * period.</p>
+ *
+ * @return The not before date.
+ */
+ public abstract Date getNotBefore();
+
+ /**
+ * <p>Returns the <i>not after</i> portion of this certificate's validity
+ * period.</p>
+ *
+ * @return The not after date.
+ */
+ public abstract Date getNotAfter();
+
+ /**
+ * <p>Returns the name of this certificate's signature algorithm.</p>
+ *
+ * @return The name of the signature algorithm.
+ */
+ public abstract String getSigAlgName();
+
+ /**
+ * <p>Returns the object identifier (OID) of this certificate's signature
+ * algorithm. The returned string is a sequence of integers separated by
+ * periods.</p>
+ *
+ * @return The signature OID.
+ */
+ public abstract String getSigAlgOID();
+
+ /**
+ * <p>Returns the signature parameters. The returned byte array contains the
+ * raw DER-encoded parameters.</p>
+ *
+ * @return The signature parameters.
+ */
+ public abstract byte[] getSigAlgParams();
+}
--- /dev/null
+/* AuthenticationException.java
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpathis free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpathis distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation Inc., 59 Temple Place - Suite 330, Boston, MA
+02111-1307 USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.sasl;
+
+/**
+ * <p>This exception is thrown by a SASL mechanism implementation to indicate
+ * that the SASL exchange has failed due to reasons related to authentication,
+ * such as an invalid identity, passphrase, or key.</p>
+ *
+ * <p>Note that the lack of an <code>AuthenticationException</code> does not
+ * mean that the failure was not due to an authentication error. A SASL
+ * mechanism implementation might throw the more general {@link SaslException}
+ * instead of <code>AuthenticationException</code> if it is unable to determine
+ * the nature of the failure, or if does not want to disclose the nature of the
+ * failure, for example, due to security reasons.</p>
+ */
+public class AuthenticationException extends SaslException
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ // Constructor(s)
+ // -------------------------------------------------------------------------
+
+ /**
+ * Constructs a new instance of <code>AuthenticationException</code>. The
+ * root exception and the detailed message are <code>null</code>.
+ */
+ public AuthenticationException()
+ {
+ super();
+ }
+
+ /**
+ * Constructs a new instance of <code>AuthenticationException</code> with a
+ * detailed message. The root exception is <code>null</code>.
+ *
+ * @param detail a possibly <code>null</code> string containing details of
+ * the exception.
+ * @see Throwable#getMessage()
+ */
+ public AuthenticationException(String detail)
+ {
+ super(detail);
+ }
+
+ /**
+ * Constructs a new instance of <code>AuthenticationException</code> with a
+ * detailed message and a root exception.
+ *
+ * @param detail a possibly <code>null</code> string containing details of
+ * the exception.
+ * @param ex a possibly <code>null</code> root exception that caused this
+ * exception.
+ * @see Throwable#getMessage()
+ * @see SaslException#getCause()
+ */
+ public AuthenticationException(String detail, Throwable ex)
+ {
+ super(detail, ex);
+ }
+
+ // Class methods
+ // -------------------------------------------------------------------------
+
+ // Instance methods
+ // -------------------------------------------------------------------------
+}
--- /dev/null
+/* AuthorizeCallback.java
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpathis free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpathis distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation Inc., 59 Temple Place - Suite 330, Boston, MA
+02111-1307 USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.sasl;
+
+import javax.security.auth.callback.Callback;
+
+/**
+ * This callback is used by {@link SaslServer} to determine whether one entity
+ * (identified by an authenticated authentication ID) can act on behalf of
+ * another entity (identified by an authorization ID).
+ */
+public class AuthorizeCallback implements Callback
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ /** @serial The (authenticated) authentication id to check. */
+ private String authenticationID = null;
+
+ /** @serial The authorization id to check. */
+ private String authorizationID = null;
+
+ /**
+ * @serial The id of the authorized entity. If null, the id of the authorized
+ * entity is authorizationID.
+ */
+ private String authorizedID = null;
+
+ /**
+ * @serial A flag indicating whether the authentication id is allowed to act
+ * on behalf of the authorization id.
+ */
+ private boolean authorized = false;
+
+ // Constructor(s)
+ // -------------------------------------------------------------------------
+
+ /**
+ * Constructs an instance of <code>AuthorizeCallback</code>.
+ *
+ * @param authnID the (authenticated) authentication ID.
+ * @param authzID the authorization ID.
+ */
+ public AuthorizeCallback(String authnID, String authzID)
+ {
+ super();
+
+ this.authenticationID = authnID;
+ this.authorizationID = authzID;
+ }
+
+ // Class methods
+ // -------------------------------------------------------------------------
+
+ // Instance methods
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns the authentication ID to check.
+ *
+ * @return the authentication ID to check
+ */
+ public String getAuthenticationID()
+ {
+ return authenticationID;
+ }
+
+ /**
+ * Returns the authorization ID to check.
+ *
+ * @return the authorization ID to check.
+ */
+ public String getAuthorizationID()
+ {
+ return authorizationID;
+ }
+
+ /**
+ * Determines if the identity represented by authentication ID is allowed to
+ * act on behalf of the authorization ID.
+ *
+ * @return <code>true</code> if authorization is allowed; <code>false</code>
+ * otherwise.
+ * @see #setAuthorized(boolean)
+ * @see #getAuthorizedID()
+ */
+ public boolean isAuthorized()
+ {
+ return authorized;
+ }
+
+ /**
+ * Sets if authorization is allowed or not.
+ *
+ * @param authorized <code>true</code> if authorization is allowed;
+ * <code>false</code> otherwise.
+ * @see #isAuthorized()
+ * @see #setAuthorizedID(String)
+ */
+ public void setAuthorized(boolean authorized)
+ {
+ this.authorized = authorized;
+ }
+
+ /**
+ * Returns the ID of the authorized user.
+ *
+ * @return the ID of the authorized user. <code>null</code> means the
+ * authorization failed.
+ * @see #setAuthorized(boolean)
+ * @see #setAuthorizedID(String)
+ */
+ public String getAuthorizedID()
+ {
+ if (!authorized)
+ {
+ return null;
+ }
+ return (authorizedID != null ? authorizedID : authorizationID);
+ }
+
+ /**
+ * Sets the ID of the authorized entity. Called by handler only when the ID
+ * is different from {@link #getAuthorizationID()}. For example, the ID might
+ * need to be canonicalized for the environment in which it will be used.
+ *
+ * @see #setAuthorized(boolean)
+ * @see #getAuthorizedID()
+ */
+ public void setAuthorizedID(String id)
+ {
+ this.authorizedID = id;
+ }
+}
--- /dev/null
+/* RealmCallback.java
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation Inc., 59 Temple Place - Suite 330, Boston, MA
+02111-1307 USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.sasl;
+
+import javax.security.auth.callback.TextInputCallback;
+
+/**
+ * This callback is used by {@link SaslClient} and {@link SaslServer} to
+ * retrieve realm information.
+ */
+public class RealmCallback extends TextInputCallback
+{
+
+ /**
+ * Constructs a <code>RealmCallback</code> with a prompt.
+ *
+ * @param prompt the non-null prompt to use to request the realm information.
+ * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>
+ * or empty.
+ */
+ public RealmCallback(String prompt)
+ {
+ super(prompt);
+ }
+
+ /**
+ * Constructs a <code>RealmCallback</code> with a prompt and default realm
+ * information.
+ *
+ * @param prompt the non-null prompt to use to request the realm information.
+ * @param defaultRealmInfo the non-null default realm information to use.
+ * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>
+ * or empty, or if <code>defaultRealm</code> is empty or <code>null</code>.
+ */
+ public RealmCallback(String prompt, String defaultRealmInfo)
+ {
+ super(prompt, defaultRealmInfo);
+ }
+}
--- /dev/null
+/* RealmChoiceCallback.java
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation Inc., 59 Temple Place - Suite 330, Boston, MA
+02111-1307 USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.sasl;
+
+import javax.security.auth.callback.ChoiceCallback;
+
+/**
+ * This callback is used by {@link SaslClient} and {@link SaslServer} to obtain
+ * a realm given a list of realm choices.
+ */
+public class RealmChoiceCallback extends ChoiceCallback
+{
+
+ /**
+ * Constructs a <code>RealmChoiceCallback</code> with a prompt, a list of
+ * choices and a default choice.
+ *
+ * @param prompt the non-null prompt to use to request the realm.
+ * @param choices the non-null list of realms to choose from.
+ * @param defaultChoice the choice to be used as the default when the list of
+ * choices is displayed. It is an index into the <code>choices</code> array.
+ * @param multiple <code>true</code> if multiple choices allowed;
+ * <code>false</code> otherwise.
+ * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>
+ * or empty, if <code>choices</code> has a length of <code>0</code>, if any
+ * element from <code>choices</code> is <code>null</code> or empty, or if
+ * <code>defaultChoice</code> does not fall within the array boundary of
+ * <code>choices</code>.
+ */
+ public RealmChoiceCallback(String prompt, String[] choices, int defaultChoice,
+ boolean multiple)
+ {
+ super(prompt, choices, defaultChoice, multiple);
+ }
+}
--- /dev/null
+/* Sasl.java
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation Inc., 59 Temple Place - Suite 330, Boston, MA
+02111-1307 USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.sasl;
+
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Vector;
+import java.security.Security;
+import java.security.Provider;
+
+import javax.security.auth.callback.CallbackHandler;
+
+/**
+ * <p>A static class for creating SASL clients and servers.</p>
+ *
+ * <p>This class defines the policy of how to locate, load, and instantiate SASL
+ * clients and servers.</p>
+ *
+ * <p>For example, an application or library gets a SASL client instance by
+ * doing something like:</p>
+ *
+ * <pre>
+ *SaslClient sc =
+ * Sasl.createSaslClient(mechanisms, authorizationID, protocol,
+ * serverName, props, callbackHandler);
+ * </pre>
+ *
+ * <p>It can then proceed to use the instance to create an authenticated
+ * connection.</p>
+ *
+ * <p>Similarly, a server gets a SASL server instance by using code that looks
+ * as follows:</p>
+ *
+ * <pre>
+ *SaslServer ss =
+ * Sasl.createSaslServer(mechanism, protocol, serverName, props,
+ * callbackHandler);
+ * </pre>
+ */
+public class Sasl
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>The name of a property that specifies the quality-of-protection to use.
+ * The property contains a comma-separated, ordered list of quality-of-
+ * protection values that the client or server is willing to support. A qop
+ * value is one of:</p>
+ *
+ * <ul>
+ * <li><code>"auth"</code> - authentication only,</li>
+ * <li><code>"auth-int"</code> - authentication plus integrity
+ * protection,</li>
+ * <li><code>"auth-conf"</code> - authentication plus integrity and
+ * confidentiality protection.</li>
+ * </ul>
+ *
+ * <p>The order of the list specifies the preference order of the client or
+ * server.</p>
+ *
+ * <p>If this property is absent, the default qop is <code>"auth"</code>.</p>
+ *
+ * <p>The value of this constant is <code>"javax.security.sasl.qop"</code>.</p>
+ */
+ public static final String QOP = "javax.security.sasl.qop";
+
+ /**
+ * <p>The name of a property that specifies the cipher strength to use. The
+ * property contains a comma-separated, ordered list of cipher strength
+ * values that the client or server is willing to support. A strength value
+ * is one of:</p>
+ *
+ * <ul>
+ * <li><code>"low"</code>,</li>
+ * <li><code>"medium"</code>,</li>
+ * <li><code>"high"</code>.</li>
+ * </ul>
+ *
+ * <p>The order of the list specifies the preference order of the client or
+ * server. An implementation should allow configuration of the meaning of
+ * these values. An application may use the Java Cryptography Extension (JCE)
+ * with JCE-aware mechanisms to control the selection of cipher suites that
+ * match the strength values.</p>
+ *
+ * <p>If this property is absent, the default strength is
+ * <code>"high,medium,low"</code>.</p>
+ *
+ * <p>The value of this constant is <code>"javax.security.sasl.strength"</code>.
+ * </p>
+ */
+ public static final String STRENGTH = "javax.security.sasl.strength";
+
+ /**
+ * <p>The name of a property that specifies whether the server must authenticate
+ * to the client. The property contains <code>"true"</code> if the server
+ * must authenticate the to client; <code>"false"</code> otherwise. The
+ * default is <code>"false"</code>.</p>
+ *
+ * <p>The value of this constant is
+ * <code>"javax.security.sasl.server.authentication"</code>.</p>
+ */
+ public static final String SERVER_AUTH = "javax.security.sasl.server.authentication";
+
+ /**
+ * <p>The name of a property that specifies the maximum size of the receive
+ * buffer in bytes of {@link SaslClient}/{@link SaslServer}. The property
+ * contains the string representation of an integer.</p>
+ *
+ * <p>If this property is absent, the default size is defined by the
+ * mechanism.</p>
+ *
+ * <p>The value of this constant is <code>"javax.security.sasl.maxbuffer"</code>.
+ * </p>
+ */
+ public static final String MAX_BUFFER = "javax.security.sasl.maxbuffer";
+
+ /**
+ * <p>The name of a property that specifies the maximum size of the raw send
+ * buffer in bytes of {@link SaslClient}/{@link SaslServer}. The property
+ * contains the string representation of an integer. The value of this
+ * property is negotiated between the client and server during the
+ * authentication exchange.</p>
+ *
+ * <p>The value of this constant is <code>"javax.security.sasl.rawsendsize"</code>.
+ * </p>
+ */
+ public static final String RAW_SEND_SIZE = "javax.security.sasl.rawsendsize";
+
+ /**
+ * <p>The name of a property that specifies whether mechanisms susceptible
+ * to simple plain passive attacks (e.g., "PLAIN") are not permitted. The
+ * property contains <code>"true"</code> if such mechanisms are not
+ * permitted; <code>"false"</code> if such mechanisms are permitted. The
+ * default is <code>"false"</code>.</p>
+ *
+ * <p>The value of this constant is <code>"javax.security.sasl.policy.noplaintext"</code>.
+ * </p>
+ */
+ public static final String POLICY_NOPLAINTEXT = "javax.security.sasl.policy.noplaintext";
+
+ /**
+ * <p>The name of a property that specifies whether mechanisms susceptible to
+ * active (non-dictionary) attacks are not permitted. The property contains
+ * <code>"true"</code> if mechanisms susceptible to active attacks are not
+ * permitted; <code>"false"</code> if such mechanisms are permitted. The
+ * default is <code>"false"</code>.</p>
+ *
+ * <p>The value of this constant is <code>"javax.security.sasl.policy.noactive"</code>.
+ * </p>
+ */
+ public static final String POLICY_NOACTIVE = "javax.security.sasl.policy.noactive";
+
+ /**
+ * <p>The name of a property that specifies whether mechanisms susceptible to
+ * passive dictionary attacks are not permitted. The property contains
+ * <code>"true"</code> if mechanisms susceptible to dictionary attacks are
+ * not permitted; <code>"false"</code> if such mechanisms are permitted. The
+ * default is <code>"false"</code>.</p>
+ *
+ * <p>The value of this constant is <code>"javax.security.sasl.policy.nodictionary"</code>.
+ * </p>
+ */
+ public static final String POLICY_NODICTIONARY = "javax.security.sasl.policy.nodictionary";
+
+ /**
+ * <p>The name of a property that specifies whether mechanisms that accept
+ * anonymous login are not permitted. The property contains <code>"true"</code>
+ * if mechanisms that accept anonymous login are not permitted; <code>"false"
+ * </code> if such mechanisms are permitted. The default is <code>"false"</code>.
+ * </p>
+ *
+ * <p>The value of this constant is <code>"javax.security.sasl.policy.noanonymous"</code>.
+ * </p>
+ */
+ public static final String POLICY_NOANONYMOUS = "javax.security.sasl.policy.noanonymous";
+
+ /**
+ * The name of a property that specifies whether mechanisms that implement
+ * forward secrecy between sessions are required. Forward secrecy means that
+ * breaking into one session will not automatically provide information for
+ * breaking into future sessions. The property contains <code>"true"</code>
+ * if mechanisms that implement forward secrecy between sessions are
+ * required; <code>"false"</code> if such mechanisms are not required. The
+ * default is <code>"false"</code>.</p>
+ *
+ * <p>The value of this constant is <code>"javax.security.sasl.policy.forward"</code>.
+ * </p>
+ */
+ public static final String POLICY_FORWARD_SECRECY = "javax.security.sasl.policy.forward";
+
+ /**
+ * The name of a property that specifies whether mechanisms that pass client
+ * credentials are required. The property contains <code>"true"</code> if
+ * mechanisms that pass client credentials are required; <code>"false"</code>
+ * if such mechanisms are not required. The default is <code>"false"</code>.
+ * </p>
+ *
+ * <p>The value of this constant is <code>"javax.security.sasl.policy.credentials"</code>.
+ * </p>
+ */
+ public static final String POLICY_PASS_CREDENTIALS = "javax.security.sasl.policy.credentials";
+
+ /**
+ * <p>The name of a property that specifies whether to reuse previously
+ * authenticated session information. The property contains <code>"true"</code>
+ * if the mechanism implementation may attempt to reuse previously
+ * authenticated session information; it contains <code>"false"</code> if the
+ * implementation must not reuse previously authenticated session information.
+ * A setting of <code>"true"</code> serves only as a hint; it does not
+ * necessarily entail actual reuse because reuse might not be possible due to
+ * a number of reasons, including, but not limited to, lack of mechanism
+ * support for reuse, expiration of reusable information, and the peer's
+ * refusal to support reuse. The property's default value is <code>"false"</code>.
+ * </p>
+ *
+ * <p>The value of this constant is <code>"javax.security.sasl.reuse"</code>.
+ * Note that all other parameters and properties required to create a SASL
+ * client/server instance must be provided regardless of whether this
+ * property has been supplied. That is, you cannot supply any less
+ * information in anticipation of reuse. Mechanism implementations that
+ * support reuse might allow customization of its implementation for factors
+ * such as cache size, timeouts, and criteria for reuseability. Such
+ * customizations are implementation-dependent.</p>
+ */
+ public static final String REUSE = "javax.security.sasl.reuse";
+
+ private static final String CLIENT_FACTORY_SVC = "SaslClientFactory.";
+ private static final String SERVER_FACTORY_SVC = "SaslServerFactory.";
+ private static final String ALIAS = "Alg.Alias.";
+
+ // Constructor(s)
+ // -------------------------------------------------------------------------
+
+ private Sasl()
+ {
+ super();
+ }
+
+ // Class methods
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Creates a {@link SaslClient} for the specified mechanism.</p>
+ *
+ * <p>This method uses the JCA Security Provider Framework, described in the
+ * "Java Cryptography Architecture API Specification & Reference", for
+ * locating and selecting a {@link SaslClient} implementation.</p>
+ *
+ * <p>First, it obtains an ordered list of {@link SaslClientFactory}
+ * instances from the registered security providers for the
+ * <code>"SaslClientFactory"</code> service and the specified mechanism. It
+ * then invokes <code>createSaslClient()</code> on each factory instance on
+ * the list until one produces a non-null {@link SaslClient} instance. It
+ * returns the non-null {@link SaslClient} instance, or <code>null</code> if
+ * the search fails to produce a non-null {@link SaslClient} instance.</p>
+ *
+ * <p>A security provider for <code>SaslClientFactory</code> registers with
+ * the JCA Security Provider Framework keys of the form:</p>
+ *
+ * <pre>
+ * SaslClientFactory.mechanism_name
+ * </pre>
+ *
+ * <p>and values that are class names of implementations of {@link
+ * SaslClientFactory}.</p>
+ *
+ * <p>For example, a provider that contains a factory class,
+ * <code>com.wiz.sasl.digest.ClientFactory</code>, that supports the
+ * <code>"DIGEST-MD5"</code> mechanism would register the following entry
+ * with the JCA:</p>
+ *
+ * <pre>
+ * SaslClientFactory.DIGEST-MD5 com.wiz.sasl.digest.ClientFactory
+ * </pre>
+ *
+ * <p>See the "Java Cryptography Architecture API Specification &
+ * Reference" for information about how to install and configure security
+ * service providers.</p>
+ *
+ * @param mechanisms the non-null list of mechanism names to try. Each is the
+ * IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
+ * @param authorizationID the possibly <code>null</code> protocol-dependent
+ * identification to be used for authorization. If <code>null</code> or
+ * empty, the server derives an authorization ID from the client's
+ * authentication credentials. When the SASL authentication completes
+ * successfully, the specified entity is granted access.
+ * @param protocol the non-null string name of the protocol for which the
+ * authentication is being performed (e.g. "ldap").
+ * @param serverName the non-null fully-qualified host name of the server to
+ * authenticate to.
+ * @param props the possibly null set of properties used to select the SASL
+ * mechanism and to configure the authentication exchange of the selected
+ * mechanism. For example, if props contains the {@link Sasl#POLICY_NOPLAINTEXT}
+ * property with the value <code>"true"</code>, then the selected SASL
+ * mechanism must not be susceptible to simple plain passive attacks. In
+ * addition to the standard properties declared in this class, other,
+ * possibly mechanism-specific, properties can be included. Properties not
+ * relevant to the selected mechanism are ignored.
+ * @param cbh the possibly <code>null</code> callback handler to used by the
+ * SASL mechanisms to get further information from the application/library to
+ * complete the authentication. For example, a SASL mechanism might require
+ * the authentication ID, password and realm from the caller. The
+ * authentication ID is requested by using a
+ * {@link javax.security.auth.callback.NameCallback}. The password is
+ * requested by using a {@link javax.security.auth.callback.PasswordCallback}.
+ * The realm is requested by using a {@link RealmChoiceCallback} if there is
+ * a list of realms to choose from, and by using a {@link RealmCallback} if
+ * the realm must be entered.
+ * @return a possibly <code>null</code> {@link SaslClient} created using the
+ * parameters supplied. If <code>null</code>, the method could not find a
+ * {@link SaslClientFactory} that will produce one.
+ * @throws SaslException if a {@link SaslClient} cannot be created because
+ * of an error.
+ */
+ public static SaslClient createSaslClient(String[] mechanisms,
+ String authorizationID,
+ String protocol,
+ String serverName, Map props,
+ CallbackHandler cbh)
+ throws SaslException
+ {
+ if (mechanisms == null)
+ {
+ return null;
+ }
+ Provider[] providers = Security.getProviders();
+ if (providers == null || providers.length == 0)
+ {
+ return null;
+ }
+
+ SaslClient result = null;
+ SaslClientFactory factory = null;
+ String m, clazz = null, upper, alias;
+ int j;
+ Provider p;
+ for (int i = 0; i < mechanisms.length; i++)
+ {
+ m = mechanisms[i];
+ if (m == null)
+ continue;
+ for (j = 0; j < providers.length; j++)
+ {
+ p = providers[j];
+ if (p != null)
+ {
+ // try the name as is
+ clazz = p.getProperty(CLIENT_FACTORY_SVC + m);
+ if (clazz == null) // try all uppercase
+ {
+ upper = m.toUpperCase();
+ clazz = p.getProperty(CLIENT_FACTORY_SVC + upper);
+ if (clazz == null) // try if it's an alias
+ {
+ alias = p.getProperty(ALIAS + CLIENT_FACTORY_SVC + m);
+ if (alias == null) // try all-uppercase alias name
+ {
+ alias = p.getProperty(ALIAS + CLIENT_FACTORY_SVC + upper);
+ if (alias == null) // spit the dummy
+ continue;
+ }
+ clazz = p.getProperty(CLIENT_FACTORY_SVC + alias);
+ }
+ }
+ if (clazz == null)
+ continue;
+ else
+ clazz = clazz.trim();
+ }
+
+ try
+ {
+ result = null;
+ factory = (SaslClientFactory) Class.forName(clazz).newInstance();
+ result = factory.createSaslClient(mechanisms, authorizationID,
+ protocol, serverName, props, cbh);
+ }
+ catch (ClassCastException ignored) // ignore instantiation exceptions
+ {
+ }
+ catch (ClassNotFoundException ignored)
+ {
+ }
+ catch (InstantiationException ignored)
+ {
+ }
+ catch (IllegalAccessException ignored)
+ {
+ }
+ if (result != null)
+ return result;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Gets an enumeration of known factories for producing a {@link SaslClient}
+ * instance. This method uses the same sources for locating factories as
+ * <code>createSaslClient()</code>.
+ *
+ * @return a non-null {@link Enumeration} of known factories for producing a
+ * {@link SaslClient} instance.
+ * @see #createSaslClient(String[],String,String,String,Map,CallbackHandler)
+ */
+ public static Enumeration getSaslClientFactories()
+ {
+ Vector result = new Vector();
+ HashSet names = new HashSet();
+ Provider[] providers = Security.getProviders();
+ Iterator it;
+ if (providers == null)
+ {
+ Provider p;
+ String key;
+ for (int i = 0; i < providers.length; i++)
+ {
+ p = providers[i];
+ for (it = p.keySet().iterator(); it.hasNext(); )
+ {
+ key = (String) it.next();
+ // add key's binding (a) it is a class of a client factory,
+ // and (b) the key does not include blanks
+ if (key.startsWith(CLIENT_FACTORY_SVC) && key.indexOf(" ") == -1)
+ {
+ names.add(p.getProperty(key));
+ break;
+ }
+ }
+ }
+ }
+ // we have the factory class names in names; instantiate and enumerate
+ String c;
+ for (it = names.iterator(); it.hasNext(); )
+ {
+ c = (String) it.next();
+ try
+ {
+ SaslClientFactory f = (SaslClientFactory) Class.forName(c).newInstance();
+ if (f != null)
+ result.add(f);
+ } catch (ClassCastException ignored) { // ignore instantiation exceptions
+ } catch (ClassNotFoundException ignored) {
+ } catch (InstantiationException ignored) {
+ } catch (IllegalAccessException ignored) {
+ }
+ }
+
+ return result.elements();
+ }
+
+ /**
+ * <p>Creates a {@link SaslServer} for the specified mechanism.</p>
+ *
+ * <p>This method uses the JCA Security Provider Framework, described in the
+ * "Java Cryptography Architecture API Specification & Reference", for
+ * locating and selecting a SaslServer implementation.</p>
+ *
+ * <p>First, it obtains an ordered list of {@link SaslServerFactory}
+ * instances from the registered security providers for the
+ * <code>"SaslServerFactory"</code> service and the specified mechanism. It
+ * then invokes <code>createSaslServer()</code> on each factory instance on
+ * the list until one produces a non-null {@link SaslServer} instance. It
+ * returns the non-null {@link SaslServer} instance, or <code>null</code> if
+ * the search fails to produce a non-null {@link SaslServer} instance.</p>
+ *
+ * <p>A security provider for {@link SaslServerFactory} registers with the
+ * JCA Security Provider Framework keys of the form:</p>
+ *
+ * <pre>
+ * SaslServerFactory.mechanism_name
+ * </pre>
+ *
+ * <p>and values that are class names of implementations of {@link
+ * SaslServerFactory}.</p>
+ *
+ * <p>For example, a provider that contains a factory class,
+ * <code>com.wiz.sasl.digest.ServerFactory</code>, that supports the
+ * <code>"DIGEST-MD5"</code> mechanism would register the following entry
+ * with the JCA:</p>
+ *
+ * <pre>
+ * SaslServerFactory.DIGEST-MD5 com.wiz.sasl.digest.ServerFactory
+ * </pre></p>
+ *
+ * <p>See the "Java Cryptography Architecture API Specification &
+ * Reference" for information about how to install and configure security
+ * service providers.</p>
+ *
+ * @param mechanism the non-null mechanism name. It must be an
+ * IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
+ * @param protocol the non-null string name of the protocol for which the
+ * authentication is being performed (e.g. "ldap").
+ * @param serverName the non-null fully qualified host name of the server.
+ * @param props the possibly <code>null</code> set of properties used to
+ * select the SASL mechanism and to configure the authentication exchange of
+ * the selected mechanism. For example, if props contains the {@link
+ * Sasl#POLICY_NOPLAINTEXT} property with the value <code>"true"</code>, then
+ * the selected SASL mechanism must not be susceptible to simple plain
+ * passive attacks. In addition to the standard properties declared in this
+ * class, other, possibly mechanism-specific, properties can be included.
+ * Properties not relevant to the selected mechanism are ignored.
+ * @param cbh the possibly <code>null</code> callback handler to used by the
+ * SASL mechanisms to get further information from the application/library to
+ * complete the authentication. For example, a SASL mechanism might require
+ * the authentication ID, password and realm from the caller. The
+ * authentication ID is requested by using a
+ * {@link javax.security.auth.callback.NameCallback}. The password is
+ * requested by using a {@link javax.security.auth.callback.PasswordCallback}.
+ * The realm is requested by using a {@link RealmChoiceCallback} if there is
+ * a list of realms to choose from, and by using a {@link RealmCallback} if
+ * the realm must be entered.
+ * @return a possibly <code>null</code> {@link SaslServer} created using the
+ * parameters supplied. If <code>null</code>, the method cannot find a
+ * {@link SaslServerFactory} instance that will produce one.
+ * @throws SaslException if a {@link SaslServer} instance cannot be created
+ * because of an error.
+ */
+ public static SaslServer createSaslServer(String mechanism, String protocol,
+ String serverName,
+ Map props, CallbackHandler cbh)
+ throws SaslException
+ {
+ if (mechanism == null)
+ return null;
+ Provider[] providers = Security.getProviders();
+ if (providers == null || providers.length == 0)
+ return null;
+
+ SaslServer result = null;
+ SaslServerFactory factory = null;
+ String clazz = null, upper, alias = null;
+ int j;
+ Provider p;
+ for (j = 0; j < providers.length; j++)
+ {
+ p = providers[j];
+ if (p != null)
+ {
+ // try the name as is
+ clazz = p.getProperty(SERVER_FACTORY_SVC + mechanism);
+ if (clazz == null) // try all uppercase
+ {
+ upper = mechanism.toUpperCase();
+ clazz = p.getProperty(SERVER_FACTORY_SVC + upper);
+ if (clazz == null) // try if it's an alias
+ {
+ alias = p.getProperty(ALIAS + SERVER_FACTORY_SVC + mechanism);
+ if (alias == null) // try all-uppercase alias name
+ {
+ alias = p.getProperty(ALIAS + SERVER_FACTORY_SVC + upper);
+ if (alias == null) // spit the dummy
+ continue;
+ }
+ }
+ clazz = p.getProperty(SERVER_FACTORY_SVC + alias);
+ }
+ }
+ if (clazz == null)
+ continue;
+ else
+ clazz = clazz.trim();
+
+ try
+ {
+ result = null;
+ factory = (SaslServerFactory) Class.forName(clazz).newInstance();
+ result =
+ factory.createSaslServer(mechanism, protocol, serverName, props, cbh);
+ }
+ catch (ClassCastException ignored) // ignore instantiation exceptions
+ {
+ }
+ catch (ClassNotFoundException ignored)
+ {
+ }
+ catch (InstantiationException ignored)
+ {
+ }
+ catch (IllegalAccessException ignored)
+ {
+ }
+ if (result != null)
+ return result;
+ }
+ return null;
+ }
+
+ /**
+ * Gets an enumeration of known factories for producing a {@link SaslServer}
+ * instance. This method uses the same sources for locating factories as
+ * <code>createSaslServer()</code>.
+ *
+ * @return a non-null {@link Enumeration} of known factories for producing a
+ * {@link SaslServer} instance.
+ * @see #createSaslServer(String,String,String,Map,CallbackHandler)
+ */
+ public static Enumeration getSaslServerFactories()
+ {
+ Vector result = new Vector();
+ HashSet names = new HashSet();
+ Provider[] providers = Security.getProviders();
+ Iterator it;
+ if (providers == null)
+ {
+ Provider p;
+ String key;
+ for (int i = 0; i < providers.length; i++)
+ {
+ p = providers[i];
+ for (it = p.keySet().iterator(); it.hasNext(); )
+ {
+ key = (String) it.next();
+ // add key's binding (a) it is a class of a server factory,
+ // and (b) the key does not include blanks
+ if (key.startsWith(SERVER_FACTORY_SVC) && key.indexOf(" ") == -1)
+ {
+ names.add(p.getProperty(key));
+ break;
+ }
+ }
+ }
+ }
+ // we have the factory class names in names; instantiate and enumerate
+ String c;
+ for (it = names.iterator(); it.hasNext(); )
+ {
+ c = (String) it.next();
+ try
+ {
+ SaslServerFactory f = (SaslServerFactory) Class.forName(c).newInstance();
+ if (f != null)
+ result.add(f);
+ }
+ catch (ClassCastException ignored) // ignore instantiation exceptions
+ {
+ }
+ catch (ClassNotFoundException ignored)
+ {
+ }
+ catch (InstantiationException ignored)
+ {
+ }
+ catch (IllegalAccessException ignored)
+ {
+ }
+ }
+
+ return result.elements();
+ }
+}
--- /dev/null
+/* SaslClient.java
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpathis free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpathis distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation Inc., 59 Temple Place - Suite 330, Boston, MA
+02111-1307 USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.sasl;
+
+/**
+ * <p>Performs SASL authentication as a client.</p>
+ *
+ * <p>A protocol library such as one for LDAP gets an instance of this class in
+ * order to perform authentication defined by a specific SASL mechanism.
+ * Invoking methods on the <code>SaslClient</code> instance process challenges
+ * and create responses according to the SASL mechanism implemented by the
+ * <code>SaslClient</code>. As the authentication proceeds, the instance
+ * encapsulates the state of a SASL client's authentication exchange.</p>
+ *
+ * <p>Here's an example of how an LDAP library might use a <code>SaslClient</code>.
+ * It first gets an instance of a SaslClient:</p>
+ * <pre>
+ *SaslClient sc =
+ * Sasl.createSaslClient(mechanisms, authorizationID, protocol,
+ * serverName, props, callbackHandler);
+ * </pre>
+ *
+ * <p>It can then proceed to use the client for authentication. For example, an
+ * LDAP library might use the client as follows:</p>
+ * <pre>
+ * // Get initial response and send to server
+ *byte[] response = sc.hasInitialResponse()
+ * ? sc.evaluateChallenge(new byte[0]) : null;
+ *LdapResult res = ldap.sendBindRequest(dn, sc.getName(), response);
+ *while (!sc.isComplete()
+ * && ((res.status == SASL_BIND_IN_PROGRESS) || (res.status == SUCCESS))) {
+ * response = sc.evaluateChallenge( res.getBytes() );
+ * if (res.status == SUCCESS) {
+ * // we're done; don't expect to send another BIND
+ * if ( response != null ) {
+ * throw new SaslException(
+ * "Protocol error: attempting to send response after completion");
+ * }
+ * break;
+ * }
+ * res = ldap.sendBindRequest(dn, sc.getName(), response);
+ *}
+ *if (sc.isComplete() && (res.status == SUCCESS) ) {
+ * String qop = (String)sc.getNegotiatedProperty(Sasl.QOP);
+ * if ((qop != null)
+ * && (qop.equalsIgnoreCase("auth-int")
+ * || qop.equalsIgnoreCase("auth-conf"))) {
+ * // Use SaslClient.wrap() and SaslClient.unwrap() for future
+ * // communication with server
+ * ldap.in = new SecureInputStream(sc, ldap.in);
+ * ldap.out = new SecureOutputStream(sc, ldap.out);
+ * }
+ *}
+ * </pre>
+ *
+ * <p>If the mechanism has an initial response, the library invokes
+ * {@link #evaluateChallenge(byte[])} with an empty challenge to get the initial
+ * response. Protocols such as IMAP4, which do not include an initial response
+ * with their first authentication command to the server, initiate the
+ * authentication without first calling {@link #hasInitialResponse()} or
+ * {@link #evaluateChallenge(byte[])}. When the server responds to the command,
+ * it sends an initial challenge. For a SASL mechanism in which the client sends
+ * data first, the server should have issued a challenge with no data. This will
+ * then result in a call (on the client) to {@link #evaluateChallenge(byte[])}
+ * with an empty challenge.</p>
+ *
+ * @see Sasl
+ * @see SaslClientFactory
+ * @version $Revision: 1.1 $
+ */
+public interface SaslClient
+{
+
+ /**
+ * Returns the IANA-registered mechanism name of this SASL client. (e.g.
+ * "CRAM-MD5", "GSSAPI").
+ *
+ * @return a non-null string representing the IANA-registered mechanism name.
+ */
+ String getMechanismName();
+
+ /**
+ * Determines if this mechanism has an optional initial response. If
+ * <code>true</code>, caller should call {@link #evaluateChallenge(byte[])}
+ * with an empty array to get the initial response.
+ *
+ * @return <code>true</code> if this mechanism has an initial response.
+ */
+ boolean hasInitialResponse();
+
+ /**
+ * Evaluates the challenge data and generates a response. If a challenge is
+ * received from the server during the authentication process, this method is
+ * called to prepare an appropriate next response to submit to the server.
+ *
+ * @param challenge the non-null challenge sent from the server. The
+ * challenge array may have zero length.
+ * @return the possibly <code>null</code> reponse to send to the server. It
+ * is <code>null</code> if the challenge accompanied a "SUCCESS" status and
+ * the challenge only contains data for the client to update its state and no
+ * response needs to be sent to the server. The response is a zero-length
+ * byte array if the client is to send a response with no data.
+ * @throws SaslException if an error occurred while processing the challenge
+ * or generating a response.
+ */
+ byte[] evaluateChallenge(byte[] challenge) throws SaslException;
+
+ /**
+ * Determines if the authentication exchange has completed. This method may
+ * be called at any time, but typically, it will not be called until the
+ * caller has received indication from the server (in a protocol-specific
+ * manner) that the exchange has completed.
+ *
+ * @return <code>true</code> if the authentication exchange has completed;
+ * <code>false</code> otherwise.
+ */
+ boolean isComplete();
+
+ /**
+ * <p>Unwraps a byte array received from the server. This method can be
+ * called only after the authentication exchange has completed (i.e., when
+ * {@link #isComplete()} returns <code>true</code>) and only if the
+ * authentication exchange has negotiated integrity and/or privacy as the
+ * quality of protection; otherwise, an {@link IllegalStateException} is
+ * thrown.</p>
+ *
+ * <p><code>incoming</code> is the contents of the SASL buffer as defined in
+ * RFC 2222 without the leading four octet field that represents the length.
+ * <code>offset</code> and <code>len</code> specify the portion of incoming
+ * to use.</p>
+ *
+ * @param incoming a non-null byte array containing the encoded bytes from
+ * the server.
+ * @param offset the starting position at <code>incoming</code> of the bytes
+ * to use.
+ * @param len the number of bytes from <code>incoming</code> to use.
+ * @return a non-null byte array containing the decoded bytes.
+ * @throws SaslException if <code>incoming</code> cannot be successfully
+ * unwrapped.
+ * @throws IllegalStateException if the authentication exchange has not
+ * completed, or if the negotiated quality of protection has neither
+ * integrity nor privacy.
+ */
+ byte[] unwrap(byte[] incoming, int offset, int len) throws SaslException;
+
+ /**
+ * <p>Wraps a byte array to be sent to the server. This method can be called
+ * only after the authentication exchange has completed (i.e., when
+ * {@link #isComplete()} returns <code>true</code>) and only if the
+ * authentication exchange has negotiated integrity and/or privacy as the
+ * quality of protection; otherwise, an {@link IllegalStateException} is
+ * thrown.</p>
+ *
+ * <p>The result of this method will make up the contents of the SASL buffer
+ * as defined in RFC 2222 without the leading four octet field that
+ * represents the length. <code>offset</code> and <code>len</code> specify
+ * the portion of <code>outgoing</code> to use.</p>
+ *
+ * @param outgoing a non-null byte array containing the bytes to encode.
+ * @param offset the starting position at <code>outgoing</code> of the bytes
+ * to use.
+ * @param len the number of bytes from <code>outgoing</code> to use.
+ * @return a non-null byte array containing the encoded bytes.
+ * @throws SaslException if <code>outgoing</code> cannot be successfully
+ * wrapped.
+ * @throws IllegalStateException if the authentication exchange has not
+ * completed, or if the negotiated quality of protection has neither
+ * integrity nor privacy.
+ */
+ byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException;
+
+ /**
+ * Retrieves the negotiated property. This method can be called only after
+ * the authentication exchange has completed (i.e., when {@link #isComplete()}
+ * returns <code>true</code>); otherwise, an {@link IllegalStateException} is
+ * thrown.
+ *
+ * @param propName the non-null property name.
+ * @return the value of the negotiated property. If <code>null</code>, the
+ * property was not negotiated or is not applicable to this mechanism.
+ * @throws IllegalStateException if this authentication exchange has not
+ * completed.
+ */
+ Object getNegotiatedProperty(String propName) throws SaslException;
+
+ /**
+ * Disposes of any system resources or security-sensitive information the
+ * <code>SaslClient</code> might be using. Invoking this method invalidates
+ * the <code>SaslClient</code> instance. This method is idempotent.
+ *
+ * @throws SaslException if a problem was encountered while disposing of the
+ * resources.
+ */
+ void dispose() throws SaslException;
+}
--- /dev/null
+/* SaslClientFactory.java
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation Inc., 59 Temple Place - Suite 330, Boston, MA
+02111-1307 USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.sasl;
+
+import java.util.Map;
+
+import javax.security.auth.callback.CallbackHandler;
+
+/**
+ * <p>An interface for creating instances of {@link SaslClient}. A class that
+ * implements this interface must be thread-safe and handle multiple
+ * simultaneous requests. It must also have a public constructor that accepts
+ * no arguments.</p>
+ *
+ * <p>This interface is not normally accessed directly by a client, which will
+ * use the {@link Sasl} static methods to create a client instance instead.
+ * However, a particular environment may provide and install a new or different
+ * <code>SaslClientFactory</code>.</p>
+ *
+ * @see SaslClient
+ * @see Sasl
+ * @version $Revision: 1.1 $
+ */
+public interface SaslClientFactory
+{
+
+ /**
+ * Creates a {@link SaslClient} using the parameters supplied.
+ *
+ * @param mechanisms the non-null list of mechanism names to try. Each is the
+ * IANA-registered name of a SASL mechanism (e.g. "GSSAPI", "CRAM-MD5").
+ * @param authorizationID the possibly null protocol-dependent identification
+ * to be used for authorization. If <code>null</code> or empty, the server
+ * derives an authorization ID from the client's authentication credentials.
+ * When the SASL authentication completes successfully, the specified entity
+ * is granted access.
+ * @param protocol the non-null string name of the protocol for which the
+ * authentication is being performed (e.g. "ldap").
+ * @param serverName the non-null fully qualified host name of the server to
+ * authenticate to.
+ * @param props the possibly <code>null</code> set of properties used to
+ * select the SASL mechanism and to configure the authentication exchange of
+ * the selected mechanism. See the {@link Sasl} class for a list of standard
+ * properties. Other, possibly mechanism-specific, properties can be included.
+ * Properties not relevant to the selected mechanism are ignored.
+ * @param cbh the possibly <code>null</code> callback handler to used by the
+ * SASL mechanisms to get further information from the application/library to
+ * complete the authentication. For example, a SASL mechanism might require
+ * the authentication ID, password and realm from the caller. The
+ * authentication ID is requested by using a
+ * {@link javax.security.auth.callback.NameCallback}. The password is
+ * requested by using a {@link javax.security.auth.callback.PasswordCallback}.
+ * The realm is requested by using a {@link RealmChoiceCallback} if there is
+ * a list of realms to choose from, and by using a {@link RealmCallback} if
+ * the realm must be entered.
+ * @return a possibly <code>null</code> {@link SaslClient} created using the
+ * parameters supplied. If <code>null</code>, this factory cannot produce a
+ * {@link SaslClient} using the parameters supplied.
+ * @throws SaslException if a {@link SaslClient} instance cannot be created
+ * because of an error.
+ */
+ SaslClient createSaslClient(String[] mechanisms, String authorizationID,
+ String protocol, String serverName, Map props,
+ CallbackHandler cbh)
+ throws SaslException;
+
+ /**
+ * Returns an array of names of mechanisms that match the specified mechanism
+ * selection policies.
+ *
+ * @param props the possibly <code>null</code> set of properties used to
+ * specify the security policy of the SASL mechanisms. For example, if props
+ * contains the {@link Sasl#POLICY_NOPLAINTEXT} property with the value
+ * <code>"true"</code>, then the factory must not return any SASL mechanisms
+ * that are susceptible to simple plain passive attacks. See the {@link Sasl}
+ * class for a complete list of policy properties. Non-policy related
+ * properties, if present in props, are ignored.
+ * @return a non-null array containing IANA-registered SASL mechanism names.
+ */
+ String[] getMechanismNames(Map props);
+}
--- /dev/null
+/* SaslException.java
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation Inc., 59 Temple Place - Suite 330, Boston, MA
+02111-1307 USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.sasl;
+
+import java.io.IOException;
+import java.io.PrintStream;
+import java.io.PrintWriter;
+import java.io.Serializable;
+
+/**
+ * This class represents an error that has occurred when using SASL.
+ *
+ * @version $Revision: 1.1 $
+ */
+public class SaslException extends IOException implements Serializable
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ /**
+ * @serial The possibly null root cause exception.
+ */
+ private Throwable _exception = null;
+
+ // Constructor(s)
+ // -------------------------------------------------------------------------
+
+ /**
+ * Constructs a new instance of <code>SaslException</code>. The root
+ * exception and the detailed message are null.
+ */
+ public SaslException()
+ {
+ super();
+ }
+
+ /**
+ * Constructs a new instance of <code>SaslException</code> with a detailed
+ * message. The <code>root</code> exception is <code>null</code>.
+ *
+ * @param detail a possibly null string containing details of the exception.
+ * @see Throwable#getMessage()
+ */
+ public SaslException(String detail)
+ {
+ super(detail);
+ }
+
+ /**
+ * Constructs a new instance of <code>SaslException</code> with a detailed
+ * message and a root exception. For example, a <code>SaslException</code>
+ * might result from a problem with the callback handler, which might throw a
+ * {@link javax.security.auth.callback.UnsupportedCallbackException} if it
+ * does not support the requested callback, or throw an {@link IOException}
+ * if it had problems obtaining data for the callback. The
+ * <code>SaslException</code>'s root exception would be then be the exception
+ * thrown by the callback handler.
+ *
+ * @param detail a possibly <code>null</code> string containing details of
+ * the exception.
+ * @param ex a possibly <code>null</code> root exception that caused this
+ * exception.
+ * @see Throwable#getMessage()
+ * @see #getCause()
+ */
+ public SaslException(String detail, Throwable ex)
+ {
+ super(detail);
+ _exception = ex;
+ }
+
+ // Class methods
+ // -------------------------------------------------------------------------
+
+ // Instance methods
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns the cause of this throwable or <code>null</code> if the cause is
+ * nonexistent or unknown. The cause is the throwable that caused this
+ * exception to be thrown.
+ *
+ * @return the possibly <code>null</code> exception that caused this exception.
+ */
+ public Throwable getCause()
+ {
+ return _exception;
+ }
+
+ /**
+ * Prints this exception's stack trace to <code>System.err</code>. If this
+ * exception has a root exception; the stack trace of the root exception is
+ * also printed to <code>System.err</code>.
+ */
+ public void printStackTrace()
+ {
+ super.printStackTrace();
+ if (_exception != null)
+ _exception.printStackTrace();
+ }
+
+ /**
+ * Prints this exception's stack trace to a print stream. If this exception
+ * has a root exception; the stack trace of the root exception is also
+ * printed to the print stream.
+ *
+ * @param ps the non-null print stream to which to print.
+ */
+ public void printStackTrace(PrintStream ps)
+ {
+ super.printStackTrace(ps);
+ if (_exception != null)
+ _exception.printStackTrace(ps);
+ }
+
+ /**
+ * Prints this exception's stack trace to a print writer. If this exception
+ * has a root exception; the stack trace of the root exception is also
+ * printed to the print writer.
+ *
+ * @param pw the non-null print writer to use for output.
+ */
+ public void printStackTrace(PrintWriter pw)
+ {
+ super.printStackTrace(pw);
+ if (_exception != null)
+ _exception.printStackTrace(pw);
+ }
+
+ /**
+ * Returns the string representation of this exception. The string
+ * representation contains this exception's class name, its detailed
+ * messsage, and if it has a root exception, the string representation of the
+ * root exception. This string representation is meant for debugging and not
+ * meant to be interpreted programmatically.
+ *
+ * @return the non-null string representation of this exception.
+ * @see Throwable#getMessage()
+ */
+ public String toString()
+ {
+ StringBuffer sb = new StringBuffer(this.getClass().getName())
+ .append(": ").append(super.toString());
+ if (_exception != null)
+ sb.append("; caused by: ").append(_exception.toString());
+ return sb.toString();
+ }
+}
--- /dev/null
+/* SasServer.java
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation Inc., 59 Temple Place - Suite 330, Boston, MA
+02111-1307 USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.sasl;
+
+/**
+ * <p>Performs SASL authentication as a server.</p>
+ *
+ * <p>A server such as an LDAP server gets an instance of this class in order to
+ * perform authentication defined by a specific SASL mechanism. Invoking methods
+ * on the <code>SaslServer</code> instance generates challenges corresponding to
+ * the SASL mechanism implemented by the <code>SaslServer</code> instance. As
+ * the authentication proceeds, the instance encapsulates the state of a SASL
+ * server's authentication exchange.</p>
+ *
+ * <p>Here's an example of how an LDAP server might use a <code>SaslServer</code>
+ * instance. It first gets an instance of a <code>SaslServer</code> for the SASL
+ * mechanism requested by the client:</p>
+ *
+ * <pre>
+ *SaslServer ss =
+ * Sasl.createSaslServer(mechanism, "ldap", myFQDN, props, callbackHandler);
+ * </pre>
+ *
+ * <p>It can then proceed to use the server for authentication. For example,
+ * suppose the LDAP server received an LDAP BIND request containing the name of
+ * the SASL mechanism and an (optional) initial response. It then might use the
+ * server as follows:</p>
+ *
+ * <pre>
+ *while (!ss.isComplete()) {
+ * try {
+ * byte[] challenge = ss.evaluateResponse(response);
+ * if (ss.isComplete()) {
+ * status = ldap.sendBindResponse(mechanism, challenge, SUCCESS);
+ * } else {
+ * status = ldap.sendBindResponse(mechanism, challenge, SASL_BIND_IN_PROGRESS);
+ * response = ldap.readBindRequest();
+ * }
+ * } catch (SaslException x) {
+ * status = ldap.sendErrorResponse(x);
+ * break;
+ * }
+ *}
+ *if (ss.isComplete() && (status == SUCCESS)) {
+ * String qop = (String) sc.getNegotiatedProperty(Sasl.QOP);
+ * if (qop != null
+ * && (qop.equalsIgnoreCase("auth-int")
+ * || qop.equalsIgnoreCase("auth-conf"))) {
+ * // Use SaslServer.wrap() and SaslServer.unwrap() for future
+ * // communication with client
+ * ldap.in = new SecureInputStream(ss, ldap.in);
+ * ldap.out = new SecureOutputStream(ss, ldap.out);
+ * }
+ *}
+ * </pre>
+ *
+ * @see Sasl
+ * @see SaslServerFactory
+ * @version $Revision: 1.1 $
+ */
+public interface SaslServer
+{
+
+ /**
+ * Returns the IANA-registered mechanism name of this SASL server (e.g.
+ * "CRAM-MD5", "GSSAPI").
+ *
+ * @return a non-null string representing the IANA-registered mechanism name.
+ */
+ String getMechanismName();
+
+ /**
+ * Evaluates the response data and generates a challenge. If a response is
+ * received from the client during the authentication process, this method is
+ * called to prepare an appropriate next challenge to submit to the client.
+ * The challenge is <code>null</code> if the authentication has succeeded and
+ * no more challenge data is to be sent to the client. It is non-null if the
+ * authentication must be continued by sending a challenge to the client, or
+ * if the authentication has succeeded but challenge data needs to be
+ * processed by the client. {@link #isComplete()} should be called after each
+ * call to <code>evaluateResponse()</code>,to determine if any further
+ * response is needed from the client.
+ *
+ * @param response the non-null (but possibly empty) response sent by the
+ * client.
+ * @return the possibly <code>null</code> challenge to send to the client.
+ * It is <code>null</code> if the authentication has succeeded and there is
+ * no more challenge data to be sent to the client.
+ * @throws SaslException if an error occurred while processing the response
+ * or generating a challenge.
+ */
+ byte[] evaluateResponse(byte[] response) throws SaslException;
+
+ /**
+ * Determines if the authentication exchange has completed. This method is
+ * typically called after each invocation of {@link #evaluateResponse(byte[])}
+ * to determine whether the authentication has completed successfully or
+ * should be continued.
+ *
+ * @return <code>true</code> if the authentication exchange has completed;
+ * <code>false</code> otherwise.
+ */
+ boolean isComplete();
+
+ /**
+ * Reports the authorization ID in effect for the client of this session This
+ * method can only be called if {@link #isComplete()} returns <code>true</code>.
+ *
+ * @return the authorization ID of the client.
+ * @throws IllegalStateException if this authentication session has not
+ * completed.
+ */
+ String getAuthorizationID();
+
+ /**
+ * <p>Unwraps a byte array received from the client. This method can be called
+ * only after the authentication exchange has completed (i.e., when
+ * {@link #isComplete()} returns <code>true</code>) and only if the
+ * authentication exchange has negotiated integrity and/or privacy as the
+ * quality of protection; otherwise, an {@link IllegalStateException} is
+ * thrown.</p>
+ *
+ * <p><code>incoming</code> is the contents of the SASL buffer as defined in
+ * RFC 2222 without the leading four octet field that represents the length.
+ * <code>offset</code> and <code>len</code> specify the portion of incoming
+ * to use.</p>
+ *
+ * @param incoming a non-null byte array containing the encoded bytes from
+ * the client.
+ * @param offset the starting position at <code>incoming</code> of the bytes
+ * to use.
+ * @param len the number of bytes from <code>incoming</code> to use.
+ * @return a non-null byte array containing the decoded bytes.
+ * @throws SaslException if <code>incoming</code> cannot be successfully
+ * unwrapped.
+ * @throws IllegalStateException if the authentication exchange has not
+ * completed, or if the negotiated quality of protection has neither
+ * integrity nor privacy.
+ */
+ byte[] unwrap(byte[] incoming, int offset, int len) throws SaslException;
+
+ /**
+ * <p>Wraps a byte array to be sent to the client. This method can be called
+ * only after the authentication exchange has completed (i.e., when
+ * {@link #isComplete()} returns <code>true</code>) and only if the
+ * authentication exchange has negotiated integrity and/or privacy as the
+ * quality of protection; otherwise, an {@link IllegalStateException} is
+ * thrown.</p>
+ *
+ * <p>The result of this method will make up the contents of the SASL buffer
+ * as defined in RFC 2222 without the leading four octet field that
+ * represents the length. <code>offset</code> and <code>len</code> specify
+ * the portion of <code>outgoing</code> to use.
+ *
+ * @param outgoing a non-null byte array containing the bytes to encode.
+ * @param offset the starting position at <code>outgoing</code> of the bytes
+ * to use.
+ * @param len the number of bytes from <code>outgoing</code> to use.
+ * @return a non-null byte array containing the encoded bytes.
+ * @throws SaslException if <code>outgoing</code> cannot be successfully
+ * wrapped.
+ * @throws IllegalStateException if the authentication exchange has not
+ * completed, or if the negotiated quality of protection has neither
+ * integrity nor privacy.
+ */
+ byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException;
+
+ /**
+ * Retrieves the negotiated property. This method can be called only after
+ * the authentication exchange has completed (i.e., when
+ * {@link #isComplete()} returns <code>true</code>); otherwise, an
+ * {@link IllegalStateException} is thrown.
+ *
+ * @return the value of the negotiated property. If <code>null</code>, the
+ * property was not negotiated or is not applicable to this mechanism.
+ * @throws IllegalStateException if this authentication exchange has not
+ * completed.
+ */
+ Object getNegotiatedProperty(String propName) throws SaslException;
+
+ /**
+ * Disposes of any system resources or security-sensitive information the
+ * <code>SaslServer</code> might be using. Invoking this method invalidates
+ * the <code>SaslServer</code> instance. This method is idempotent.
+ *
+ * @throws SaslException if a problem was encountered while disposing of the
+ * resources.
+ */
+ void dispose() throws SaslException;
+}
--- /dev/null
+/* SaslServerFactory.java
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation Inc., 59 Temple Place - Suite 330, Boston, MA
+02111-1307 USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.sasl;
+
+import java.util.Map;
+
+import javax.security.auth.callback.CallbackHandler;
+
+/**
+ * <p>An interface for creating instances of {@link SaslServer}. A class that
+ * implements this interface must be thread-safe and handle multiple
+ * simultaneous requests. It must also have a public constructor that accepts
+ * no arguments.</p>
+ *
+ * This interface is not normally accessed directly by a server, which will use
+ * the {@link Sasl} static methods to create a {@link SaslServer} instance
+ * instead. However, a particular environment may provide and install a new or
+ * different <code>SaslServerFactory</code>.</p>
+ *
+ * @see SaslServer
+ * @see Sasl
+ * @version $Revision: 1.1 $
+ */
+public interface SaslServerFactory
+{
+
+ /**
+ * Creates a {@link SaslServer} instance using the parameters supplied. It
+ * returns <code>null</code> if no {@link SaslServer} instance can be created
+ * using the parameters supplied. Throws {@link SaslException} if it cannot
+ * create a {@link SaslServer} because of an error.
+ *
+ * @param mechanism the non-null IANA-registered name of a SASL mechanism
+ * (e.g. "GSSAPI", "CRAM-MD5").
+ * @param protocol the non-null string name of the protocol for which the
+ * authentication is being performed (e.g. "ldap").
+ * @param serverName the non-null fully qualified host name of the server to
+ * authenticate to.
+ * @param props the possibly null set of properties used to select the SASL
+ * mechanism and to configure the authentication exchange of the selected
+ * mechanism. See the {@link Sasl} class for a list of standard properties.
+ * Other, possibly mechanism-specific, properties can be included. Properties
+ * not relevant to the selected mechanism are ignored.
+ * @param cbh the possibly null callback handler to used by the SASL
+ * mechanisms to get further information from the application/library to
+ * complete the authentication. For example, a SASL mechanism might require
+ * the authentication ID, password and realm from the caller. The
+ * authentication ID is requested by using a
+ * {@link javax.security.auth.callback.NameCallback}. The password is
+ * requested by using a {@link javax.security.auth.callback.PasswordCallback}.
+ * The realm is requested by using a {@link RealmChoiceCallback} if there is
+ * a list of realms to choose from, and by using a {@link RealmCallback} if
+ * the realm must be entered.
+ * @return a possibly null {@link SaslServer} created using the parameters
+ * supplied. If <code>null</code> is returned, it means that this factory
+ * cannot produce a {@link SaslServer} using the parameters supplied.
+ * @throws SaslException if a SaslServer instance cannot be created because
+ * of an error.
+ */
+ SaslServer createSaslServer(String mechanism, String protocol,
+ String serverName, Map props, CallbackHandler cbh)
+ throws SaslException;
+
+ /**
+ * Returns an array of names of mechanisms that match the specified mechanism
+ * selection policies.
+ *
+ * @param props the possibly <code>null</code> set of properties used to
+ * specify the security policy of the SASL mechanisms. For example, if props
+ * contains the {@link Sasl#POLICY_NOPLAINTEXT} property with the value
+ * <code>"true"</code>, then the factory must not return any SASL mechanisms
+ * that are susceptible to simple plain passive attacks. See the {@link Sasl}
+ * class for a complete list of policy properties. Non-policy related
+ * properties, if present in props, are ignored.
+ * @return a non-null array containing IANA-registered SASL mechanism names.
+ */
+ String[] getMechanismNames(Map props);
+}
--- /dev/null
+/* ChannelBinding.java -- a channel binding in the GSS-API.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+/* The documentation comments of this class are derived from the text
+ of RFC 2853: Generic Security Service API Version 2: Java Bindings.
+ That document is covered under the following license notice:
+
+Copyright (C) The Internet Society (2000). All Rights Reserved.
+
+This document and translations of it may be copied and furnished to
+others, and derivative works that comment on or otherwise explain it
+or assist in its implementation may be prepared, copied, published and
+distributed, in whole or in part, without restriction of any kind,
+provided that the above copyright notice and this paragraph are
+included on all such copies and derivative works. However, this
+document itself may not be modified in any way, such as by removing
+the copyright notice or references to the Internet Society or other
+Internet organizations, except as needed for the purpose of developing
+Internet standards in which case the procedures for copyrights defined
+in the Internet Standards process must be followed, or as required to
+translate it into languages other than English.
+
+The limited permissions granted above are perpetual and will not be
+revoked by the Internet Society or its successors or assigns.
+
+This document and the information contained herein is provided on an
+"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
+NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN
+WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. */
+
+
+package org.ietf.jgss;
+
+import java.net.InetAddress;
+import java.util.Arrays;
+
+/**
+ * <p>The GSS-API accommodates the concept of caller-provided channel
+ * binding information. Channel bindings are used to strengthen the
+ * quality with which peer entity authentication is provided during
+ * context establishment. They enable the GSS-API callers to bind the
+ * establishment of the security context to relevant characteristics
+ * like addresses or to application specific data.</p>
+ *
+ * <p>The caller initiating the security context must determine the
+ * appropriate channel binding values to set in the {@link GSSContext}
+ * object. The acceptor must provide an identical binding in order to
+ * validate that received tokens possess correct channel-related
+ * characteristics.</p>
+ *
+ * <p>Use of channel bindings is optional in GSS-API. Since channel-binding
+ * information may be transmitted in context establishment tokens,
+ * applications should therefore not use confidential data as
+ * channel-binding components.</p>
+ */
+public class ChannelBinding
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private final byte[] appData;
+ private final InetAddress initAddr;
+ private final InetAddress acceptAddr;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Create a ChannelBinding object with user supplied address information
+ * and data. <code>null</code> values can be used for any fields which the
+ * application does not want to specify.
+ *
+ * @param initAddr The address of the context initiator. <code>null</code>
+ * value can be supplied to indicate that the application
+ * does not want to set this value.
+ * @param acceptAddr The address of the context acceptor. <code>null</code>
+ * value can be supplied to indicate that the application
+ * does not want to set this value.
+ * @param appData Application supplied data to be used as part of the
+ * channel bindings. <code>null</code> value can be
+ * supplied to indicate that the application does not
+ * want to set this value.
+ */
+ public ChannelBinding(InetAddress initAddr, InetAddress acceptAddr,
+ byte[] appData)
+ {
+ this.appData = (appData != null) ? (byte[]) appData.clone() : null;
+ this.initAddr = initAddr;
+ this.acceptAddr = acceptAddr;
+ }
+
+ /**
+ * Creates a ChannelBinding object without any addressing information.
+ *
+ * @param appData Application supplied data to be used as part of the
+ * channel bindings.
+ */
+ public ChannelBinding(byte[] appData)
+ {
+ this(null, null, appData);
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns the initiator's address for this channel binding.
+ * <code>null</code> is returned if the address has not been set.
+ *
+ * @return The initiator's address, or <code>null</code>.
+ */
+ public InetAddress getInitiatorAddress()
+ {
+ return initAddr;
+ }
+
+ /**
+ * Returns the acceptor's address for this channel binding.
+ * <code>null</code> is returned if the address has not been set.
+ *
+ * @return The acceptor's address, or <code>null</code>.
+ */
+ public InetAddress getAcceptorAddress()
+ {
+ return acceptAddr;
+ }
+
+ /**
+ * Returns application data being used as part of the ChannelBinding.
+ * <code>null</code> is returned if no application data has been
+ * specified for the channel binding.
+ *
+ * @return The application data, or <code>null</code>.
+ */
+ public byte[] getApplicationData()
+ {
+ if (appData != null)
+ return (byte[]) appData.clone();
+ return null;
+ }
+
+ /**
+ * Returns <code>true</code> if two channel bindings match.
+ *
+ * @param obj Another channel binding to compare with.
+ * @return True if this channel binding equals the other.
+ */
+ public boolean equals(Object obj)
+ {
+ if (!(obj instanceof ChannelBinding))
+ return false;
+ ChannelBinding cb = (ChannelBinding) obj;
+ boolean b1 = Arrays.equals(appData, cb.appData);
+ boolean b2 = (initAddr == null && cb.initAddr == null)
+ || (cb.initAddr != null && initAddr.equals(cb.initAddr));
+ boolean b3 = (acceptAddr == null && cb.acceptAddr == null)
+ || (cb.acceptAddr != null && acceptAddr.equals(cb.acceptAddr));
+ return b1 && b2 && b3;
+ }
+
+ /**
+ * Returns the hash code for this channel binding.
+ *
+ * @return The hash code.
+ */
+ public int hashCode()
+ {
+ int code = 0;
+ if (appData != null)
+ for (int i = 0; i < appData.length; i++)
+ code ^= appData[i] << ((8 * i) & 31);
+ if (initAddr != null)
+ code ^= initAddr.hashCode();
+ if (acceptAddr != null)
+ code ^= acceptAddr.hashCode();
+ return code;
+ }
+}
--- /dev/null
+/* GSSContext.java -- The GSS context interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package org.ietf.jgss;
+
+import java.io.InputStream;
+import java.io.OutputStream;
+
+/**
+ * <p>This interface encapsulates the GSS-API security context and provides
+ * the security services ({@link #wrap(byte[],int,int,org.ietf.jgss.MessageProp)},
+ * {@link #unwrap(byte[],int,int,org.ietf.jgss.MessageProp)}, {@link
+ * #getMIC(byte[],int,int,org.ietf.jgss.MessageProp)}, {@link
+ * #verifyMIC(byte[],int,int,byte[],int,int,org.ietf.jgss.MessageProp)}) that
+ * are available over the context. Security contexts are established
+ * between peers using locally acquired credentials. Multiple contexts
+ * may exist simultaneously between a pair of peers, using the same or
+ * different set of credentials. GSS-API functions in a manner
+ * independent of the underlying transport protocol and depends on its
+ * calling application to transport its tokens between peers.</p>
+ *
+ * <p>Before the context establishment phase is initiated, the context
+ * initiator may request specific characteristics desired of the
+ * established context. These can be set using the set methods. After
+ * the context is established, the caller can check the actual
+ * characteristic and services offered by the context using the query
+ * methods.</p>
+ *
+ * <p>The context establishment phase begins with the first call to the
+ * init method by the context initiator. During this phase the
+ * {@link #initSecContext(byte[],int,int)} and {@link
+ * #acceptSecContext(byte[],int,int)} methods will produce GSS-API
+ * authentication tokens which the calling application needs to send to
+ * its peer. If an error occurs at any point, an exception will get
+ * thrown and the code will start executing in a catch block. If not,
+ * the normal flow of code continues and the application can make a call
+ * to the {@link #isEstablished()} method. If this method returns false it
+ * indicates that a token is needed from its peer in order to continue
+ * the context establishment phase. A return value of true signals that
+ * the local end of the context is established. This may still require
+ * that a token be sent to the peer, if one is produced by GSS-API.
+ * During the context establishment phase, the {@link #isProtReady()}
+ * method may be called to determine if the context can be used for the
+ * per-message operations. This allows applications to use per-message
+ * operations on contexts which aren't fully established.</p>
+ *
+ * <p>After the context has been established or the {@link #isProtReady()}
+ * method returns <code>true</code>, the query routines can be invoked to
+ * determine the actual characteristics and services of the established
+ * context. The application can also start using the per-message methods
+ * of {@link #wrap(byte[],int,int,org.ietf.jgss.MessageProp)} and
+ * {@link #getMIC(byte[],int,int,org.ietf.jgss.MessageProp)} to obtain
+ * cryptographic operations on application supplied data.</p>
+ *
+ * <p>When the context is no longer needed, the application should call
+ * {@link dispose()} to release any system resources the context may be
+ * using.</p>
+ *
+ * <h3>Example Code</h3>
+ *
+ * <pre>
+GSSManager mgr = GSSManager.getInstance();
+
+// start by creating the name for a service entity
+GSSName targetName = mgr.createName("service@host",
+ GSSName.NT_HOSTBASED_SERVICE);
+
+// create a context using default credentials for the above entity
+// and the implementation specific default mechanism
+GSSContext context = mgr.createContext(targetName,
+ null, // default mechanism
+ null, // default credentials
+ GSSContext.INDEFINITE_LIFETIME);
+
+// set desired context options - all others are false by default
+context.requestConf(true);
+context.requestMutualAuth(true);
+context.requestReplayDet(true);
+context.requestSequenceDet(true);
+
+// establish a context between peers - using byte arrays
+byte []inTok = new byte[0];
+
+try
+ {
+ do
+ {
+ byte[] outTok = context.initSecContext(inTok, 0,
+ inTok.length);
+
+ // send the token if present
+ if (outTok != null)
+ sendToken(outTok);
+
+ // check if we should expect more tokens
+ if (context.isEstablished())
+ break;
+
+ // another token expected from peer
+ inTok = readToken();
+
+ }
+ while (true);
+ }
+catch (GSSException e)
+ {
+ print("GSSAPI error: " + e.getMessage());
+ }
+
+// display context information
+print("Remaining lifetime in seconds = " + context.getLifetime());
+print("Context mechanism = " + context.getMech().toString());
+print("Initiator = " + context.getSrcName().toString());
+print("Acceptor = " + context.getTargName().toString());
+
+if (context.getConfState())
+ print("Confidentiality security service available");
+
+if (context.getIntegState())
+ print("Integrity security service available");
+
+// perform wrap on an application supplied message, appMsg,
+// using QOP = 0, and requesting privacy service
+byte[] appMsg ...
+MessageProp mProp = new MessageProp(0, true);
+byte[] tok = context.wrap(appMsg, 0, appMsg.length, mProp);
+
+if (mProp.getPrivacy())
+ print("Message protected with privacy.");
+
+sendToken(tok);
+
+
+// release the local-end of the context
+context.dispose();
+ * </pre>
+ */
+public interface GSSContext
+{
+
+ // Constants.
+ // -------------------------------------------------------------------------
+
+ /**
+ * A lifetime constant representing the default context lifetime.
+ */
+ int DEFAULT_LIFETIME = 0;
+
+ /**
+ * A lifetime constant representing indefinite context lifetime.
+ */
+ int INDEFINITE_LIFETIME = Integer.MAX_VALUE;
+
+ // Methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Called by the context initiator to start the context creation
+ * process. This is equivalent to the stream based method except that
+ * the token buffers are handled as byte arrays instead of using stream
+ * objects. This method may return an output token which the
+ * application will need to send to the peer for processing by the
+ * accept call. Typically, the application would do so by calling the
+ * {@link OutputStream#flush()} method on an OutputStream that
+ * encapsulates the connection between the two peers. The application
+ * can call {@link #isEstablished()} to determine if the context
+ * establishment phase is complete for this peer. A return value of
+ * <code>false</code> from {@link #isEstablished()} indicates that more
+ * tokens are expected to be supplied to the initSecContext() method. Note
+ * that it is possible that the initSecContext() method return a token for
+ * the peer, and {@link #isEstablished()} to return <code>true</code> also.
+ * This indicates that the token needs to be sent to the peer, but the local
+ * end of the context is now fully established.</p>
+ *
+ * <p>Upon completion of the context establishment, the available context
+ * options may be queried through the get methods.</p>
+ *
+ * @param inputBuf Token generated by the peer. This parameter is ignored
+ * on the first call.
+ * @param offset The offset within the <i>inputBuf</i> where the token
+ * begins.
+ * @param len The length of the token within the <i>inputBuf</i>
+ * (starting at the offset).
+ * @return The output token, if any.
+ * @throws GSSException If this operation fails.
+ */
+ byte[] initSecContext(byte[] inputBuf, int offset, int len)
+ throws GSSException;
+
+ /**
+ * <p>Called by the context initiator to start the context creation
+ * process. This is equivalent to the byte array based method. This
+ * method may write an output token to the <i>outStream</i>, which the
+ * application will need to send to the peer for processing by the
+ * accept call. Typically, the application would do so by calling the
+ * {@link OutputStream#flush()} method on an OutputStream that encapsulates
+ * the connection between the two peers. The application can call {@link
+ * #isEstablished()} to determine if the context establishment phase is
+ * complete for this peer. A return value of <code>false</code> from
+ * isEstablished indicates that more tokens are expected to be supplied
+ * to the initSecContext() method. Note that it is possible that the
+ * initSecContext() method return a token for the peer, and {@link
+ * #isEstablished() return <code>true</code> also. This indicates that
+ * the token needs to be sent to the peer, but the local end of the context
+ * is now fully established.</p>
+ *
+ * <p>The GSS-API authentication tokens contain a definitive start and end.
+ * This method will attempt to read one of these tokens per invocation,
+ * and may block on the stream if only part of the token is available.</p>
+ *
+ * <p>Upon completion of the context establishment, the available context
+ * options may be queried through the get methods.</p>
+ *
+ * @param inStream Contains the token generated by the peer. This
+ * parameter is ignored on the first call.
+ * @param outStream Output stream where the output token will be written.
+ * During the final stage of context establishment, there
+ * may be no bytes written.
+ * @return The number of bytes written to <i>outStream</i>, or 0 if no
+ * token is written.
+ * @throws GSSException If this operation fails.
+ */
+ int initSecContext(InputStream inStream, OutputStream outStream)
+ throws GSSException;
+
+ /**
+ * <p>Called by the context acceptor upon receiving a token from the peer.
+ * This call is equivalent to the stream based method except that the
+ * token buffers are handled as byte arrays instead of using stream
+ * objects.</p>
+ *
+ * <p>This method may return an output token which the application will
+ * need to send to the peer for further processing by the init call.</p>
+ *
+ * <p><code>null</code> return value indicates that no token needs to be
+ * sent to the peer. The application can call {@link #isEstablished()}
+ * to determine if the context establishment phase is complete for this
+ * peer. A return value of <code>false</code> from {@link #isEstablished()}
+ * indicates that more tokens are expected to be supplied to this
+ * method.</p>
+ *
+ * <p>Note that it is possible that acceptSecContext() return a token for
+ * the peer, and isEstablished() return <code>true</code> also. This
+ * indicates that the token needs to be sent to the peer, but the local
+ * end of the context is now fully established.</p>
+ *
+ * <p>Upon completion of the context establishment, the available context
+ * options may be queried through the get methods.</p>
+ *
+ * @param inTok Token generated by the peer.
+ * @param offset The offset within the <i>inTok</i> where the token begins.
+ * @param len The length of the token within the <i>inTok</i> (starting
+ * at the offset).
+ * @return The output token, if any.
+ * @throws GSSException If this operation fails.
+ */
+ byte[] acceptSecContext(byte[] inTok, int offset, int len)
+ throws GSSException;
+
+ /**
+ * <p>Called by the context acceptor upon receiving a token from the peer.
+ * This call is equivalent to the byte array method. It may write an
+ * output token to the outStream, which the application will need to
+ * send to the peer for processing by its initSecContext method.
+ * Typically, the application would do so by calling the {@link
+ * OutputStream#flush()} method on an OutputStream that encapsulates the
+ * connection between the two peers. The application can call {@link
+ * #isEstablished()} to determine if the context establishment phase is
+ * complete for this peer. A return value of <code>false</code> from
+ * {@link #isEstablished()} indicates that more tokens are expected to be
+ * supplied to this method.</p>
+ *
+ * <p>Note that it is possible that acceptSecContext() return a token for
+ * the peer, and isEstablished() return <code>true</code> also. This
+ * indicates that the token needs to be sent to the peer, but the local
+ * end of the context is now fully established.</p>
+ *
+ * <p>The GSS-API authentication tokens contain a definitive start and end.
+ * This method will attempt to read one of these tokens per invocation,
+ * and may block on the stream if only part of the token is available.</p>
+ *
+ * <p>Upon completion of the context establishment, the available context
+ * options may be queried through the get methods.</p>
+ *
+ * @param inStream Contains the token generated by the peer.
+ * @param outStream Output stream where the output token will be written.
+ * During the final stage of context establishment, there
+ * may be no bytes written.
+ * @return The number of bytes written, or 0 if no token is written.
+ * @throws GSSException If this operation fails.
+ */
+ void acceptSecContext(InputStream inStream, OutputStream outStream)
+ throws GSSException;
+
+ /**
+ * Used during context establishment to determine the state of the
+ * context. Returns <code>true</code> if this is a fully established
+ * context on the caller's side and no more tokens are needed from the
+ * peer. Should be called after a call to {@link
+ * #initSecContext(byte[],int,int)} or {@link
+ * #acceptSecContext(byte[],int,int)} when no {@link GSSException}
+ * is thrown.
+ *
+ * @return True of this context is fully established on this side.
+ */
+ boolean isEstablished();
+
+ /**
+ * Releases any system resources and cryptographic information stored in
+ * the context object. This will invalidate the context.
+ *
+ * @throws GSSException If this operation fails.
+ */
+ void dispose() throws GSSException;
+
+ /**
+ * <p>Returns the maximum message size that, if presented to the
+ * {@link #wrap(byte[],int,int,org.ietf.jgss.MessageProp)} method with
+ * the same <i>confReq</i> and <i>qop</i> parameters, will result in an
+ * output token containing no more than the <i>maxTokenSize</i> bytes.</p>
+ *
+ * <p>This call is intended for use by applications that communicate over
+ * protocols that impose a maximum message size. It enables the
+ * application to fragment messages prior to applying protection.</p>
+ *
+ * <p>GSS-API implementations are recommended but not required to detect
+ * invalid QOP values when getWrapSizeLimit is called. This routine
+ * guarantees only a maximum message size, not the availability of
+ * specific QOP values for message protection.</p>
+ *
+ * <p>Successful completion of this call does not guarantee that wrap will
+ * be able to protect a message of the computed length, since this
+ * ability may depend on the availability of system resources at the
+ * time that wrap is called. However, if the implementation itself
+ * imposes an upper limit on the length of messages that may be
+ * processed by wrap, the implementation should not return a value that
+ * is greater than this length.</p>
+ *
+ * @param qop Indicates the level of protection wrap will be asked
+ * to provide.
+ * @param confReq Indicates if wrap will be asked to provide privacy
+ * service.
+ * @param maxTokenSize The desired maximum size of the token emitted
+ * by {@link #wrap(byte[],int,int,org.ietf.jgss.MessageProp)}.
+ * @return The maximum wrapped output size.
+ * @throws GSSException If this operation fails.
+ */
+ int getWrapSizeLimit(int qop, boolean confReq, int maxTokenSize)
+ throws GSSException;
+
+ /**
+ * <p>Applies per-message security services over the established security
+ * context. The method will return a token with a cryptographic MIC and
+ * may optionally encrypt the specified <i>inBuf</i>. This method is
+ * equivalent in functionality to its stream counterpart. The returned
+ * byte array will contain both the MIC and the message.</p>
+ *
+ * <p>The {@link MessageProp} object is instantiated by the application
+ * and used to specify a QOP value which selects cryptographic algorithms,
+ * and a privacy service to optionally encrypt the message. The underlying
+ * mechanism that is used in the call may not be able to provide the
+ * privacy service. It sets the actual privacy service that it does
+ * provide in this {@link MessageProp} object which the caller should then
+ * query upon return. If the mechanism is not able to provide the
+ * requested QOP, it throws a {@link GSSException} with the {@link
+ * GSSException#BAD_QOP} code.</p>
+ *
+ * <p>Since some application-level protocols may wish to use tokens emitted
+ * by wrap to provide "secure framing", implementations should support
+ * the wrapping of zero-length messages.</p>
+ *
+ * <p>The application will be responsible for sending the token to the
+ * peer.</p>
+ *
+ * @param inBuf Application data to be protected.
+ * @param offset The offset within the inBuf where the data begins.
+ * @param len The length of the data within the inBuf (starting at
+ * the offset).
+ * @param msgProp Instance of {@link MessageProp} that is used by the
+ * application to set the desired QOP and privacy state.
+ * Set the desired QOP to 0 to request the default QOP.
+ * Upon return from this method, this object will contain
+ * the the actual privacy state that was applied to the
+ * message by the underlying mechanism.
+ * @return The wrapped data.
+ * @throws GSSException If this operation fails.
+ */
+ byte[] wrap(byte[] inBuf, int offset, int len, MessageProp msgProp)
+ throws GSSException;
+
+ /**
+ * <p>Allows to apply per-message security services over the established
+ * security context. The method will produce a token with a
+ * cryptographic MIC and may optionally encrypt the message in inStream.
+ * The outStream will contain both the MIC and the message.</p>
+ *
+ * <p>The {@link MessageProp} object is instantiated by the application and
+ * used to specify a QOP value which selects cryptographic algorithms, and
+ * a privacy service to optionally encrypt the message. The underlying
+ * mechanism that is used in the call may not be able to provide the
+ * privacy service. It sets the actual privacy service that it does
+ * provide in this MessageProp object which the caller should then query
+ * upon return. If the mechanism is not able to provide the requested
+ * QOP, it throws a {@link GSSException} with the {@link
+ * GSSException#BAD_QOP} code.</p>
+ *
+ * <p>Since some application-level protocols may wish to use tokens emitted
+ * by wrap to provide "secure framing", implementations should support
+ * the wrapping of zero-length messages.</p>
+ *
+ * <p>The application will be responsible for sending the token to the
+ * peer.</p>
+ *
+ * @param inStream Input stream containing the application data to be
+ * protected.
+ * @param outStream The output stream to write the protected message to.
+ * The application is responsible for sending this to the
+ * other peer for processing in its unwrap method.
+ * @param msgProp Instance of {@link MessageProp} that is used by the
+ * application to set the desired QOP and privacy state.
+ * Set the desired QOP to 0 to request the default QOP.
+ * Upon return from this method, this object will contain
+ * the the actual privacy state that was applied to the
+ * message by the underlying mechanism.
+ * @throws GSSException If this operation fails.
+ */
+ void wrap(InputStream inStream, OutputStream outStream, MessageProp msgProp)
+ throws GSSException;
+
+ /**
+ * <p>Used by the peer application to process tokens generated with the
+ * wrap call. This call is equal in functionality to its stream
+ * counterpart. The method will return the message supplied in the peer
+ * application to the wrap call, verifying the embedded MIC.</p>
+ *
+ * <p>The {@link MessageProp} object is instantiated by the application and
+ * is used by the underlying mechanism to return information to the caller
+ * such as the QOP, whether confidentiality was applied to the message, and
+ * other supplementary message state information.</p>
+ *
+ * <p>Since some application-level protocols may wish to use tokens emitted
+ * by wrap to provide "secure framing", implementations should support
+ * the wrapping and unwrapping of zero-length messages.</p>
+ *
+ * @param inBuf GSS-API wrap token received from peer.
+ * @param offset The offset within the inBuf where the token begins.
+ * @param len The length of the token within the inBuf (starting at
+ * the offset).
+ * @param msgProp Upon return from the method, this object will contain
+ * the applied QOP, the privacy state of the message, and
+ * supplementary information stating whether the token was
+ * a duplicate, old, out of sequence or arriving after a gap.
+ * @return The unwrapped token.
+ * @throws GSSException If this operation fails.
+ */
+ byte[] unwrap(byte[] inBuf, int offset, int len, MessageProp msgProp)
+ throws GSSException;
+
+ /**
+ * <p>Used by the peer application to process tokens generated with the
+ * wrap call. This call is equal in functionality to its byte array
+ * counterpart. It will produce the message supplied in the peer
+ * application to the wrap call, verifying the embedded MIC.</p>
+ *
+ * <p>The {@link MessageProp} object is instantiated by the application
+ * and is used by the underlying mechanism to return information to the
+ * caller such as the QOP, whether confidentiality was applied to the
+ * message, and other supplementary message state information.</p>
+ *
+ * <p>Since some application-level protocols may wish to use tokens emitted
+ * by wrap to provide "secure framing", implementations should support
+ * the wrapping and unwrapping of zero-length messages.</p>
+ *
+ * @param inStream Input stream containing the GSS-API wrap token
+ * received from the peer.
+ * @param outStream The output stream to write the application message to.
+ * @param msgProp Upon return from the method, this object will contain
+ * the applied QOP, the privacy state of the message, and
+ * supplementary information stating whether the token was
+ * a duplicate, old, out of sequence or arriving after a gap.
+ * @throws GSSException If this operation fails.
+ */
+ void unwrap(InputStream inStream, OutputStream outStream, MessageProp msgProp)
+ throws GSSException;
+
+ /**
+ * <p>Returns a token containing a cryptographic MIC for the supplied
+ * message, for transfer to the peer application. Unlike wrap, which
+ * encapsulates the user message in the returned token, only the message
+ * MIC is returned in the output token. This method is identical in
+ * functionality to its stream counterpart.</p>
+ *
+ * <p>Note that privacy can only be applied through the wrap call.</p>
+ *
+ * <p>Since some application-level protocols may wish to use tokens emitted
+ * by getMIC to provide "secure framing", implementations should support
+ * derivation of MICs from zero-length messages.</p>
+ *
+ * @param inMsg Message to generate MIC over.
+ * @param offset The offset within the inMsg where the token begins.
+ * @param len The length of the token within the inMsg (starting at
+ * the offset).
+ * @param msgProp Instance of MessageProp that is used by the
+ * application to set the desired QOP. Set the desired
+ * QOP to 0 in msgProp to request the default QOP.
+ * Alternatively pass in <code>null</code> for msgProp to
+ * request default QOP.
+ * @return The MIC.
+ * @throws GSSException If this operation fails.
+ */
+ byte[] getMIC(byte[] inMsg, int offset, int len, MessageProp msgProp)
+ throws GSSException;
+
+ /**
+ * <p>Produces a token containing a cryptographic MIC for the supplied
+ * message, for transfer to the peer application. Unlike wrap, which
+ * encapsulates the user message in the returned token, only the message
+ * MIC is produced in the output token. This method is identical in
+ * functionality to its byte array counterpart.</p>
+ *
+ * <p>Note that privacy can only be applied through the wrap call.</p>
+ *
+ * <p>Since some application-level protocols may wish to use tokens emitted
+ * by getMIC to provide "secure framing", implementations should support
+ * derivation of MICs from zero-length messages.</p>
+ *
+ * @param inStream Input stream containing the message to generate
+ * the MIC over.
+ * @param outStream Output stream to write the GSS-API output token to.
+ * @param msgProp Instance of MessageProp that is used by the
+ * application to set the desired QOP. Set the desired
+ * QOP to 0 in msgProp to request the default QOP.
+ * Alternatively pass in <code>null</code> for msgProp
+ * to request default QOP.
+ * @throws GSSException If this operation fails.
+ */
+ void getMIC(InputStream inStream, OutputStream outStream, MessageProp mgProp)
+ throws GSSException;
+
+ /**
+ * <p>Verifies the cryptographic MIC, contained in the token parameter,
+ * over the supplied message. This method is equivalent in
+ * functionality to its stream counterpart.</p>
+ *
+ * <p>The MessageProp object is instantiated by the application and is used
+ * by the underlying mechanism to return information to the caller such
+ * as the QOP indicating the strength of protection that was applied to
+ * the message and other supplementary message state information.</p>
+ *
+ * <p>Since some application-level protocols may wish to use tokens emitted
+ * by getMIC to provide "secure framing", implementations should support
+ * the calculation and verification of MICs over zero-length messages.</p>
+ *
+ * @param inTok Token generated by peer's getMIC method.
+ * @param tokOffset The offset within the inTok where the token begins.
+ * @param tokLen The length of the token within the inTok (starting at
+ * the offset).
+ * @param inMsg Application message to verify the cryptographic MIC
+ * over.
+ * @param msgOffset The offset within the inMsg where the message begins.
+ * @param msgLen The length of the message within the inMsg (starting
+ * at the offset).
+ * @param msgProp Upon return from the method, this object will contain
+ * the applied QOP and supplementary information
+ * stating whether the token was a duplicate, old, out
+ * of sequence or arriving after a gap. The
+ * confidentiality state will be set to <code>false</code>.
+ * @throws GSSException If this operation fails.
+ */
+ void verifyMIC(byte[] inTok, int tokOffset, int tokLen, byte[] inMsg,
+ int msgOffset, int msgLen, MessageProp msgProp)
+ throws GSSException;
+
+ /**
+ * <p>Verifies the cryptographic MIC, contained in the token parameter,
+ * over the supplied message. This method is equivalent in
+ * functionality to its byte array counterpart.</p>
+ *
+ * <p>The MessageProp object is instantiated by the application and is used
+ * by the underlying mechanism to return information to the caller such
+ * as the QOP indicating the strength of protection that was applied to
+ * the message and other supplementary message state information.</p>
+ *
+ * <p>Since some application-level protocols may wish to use tokens emitted
+ * by getMIC to provide "secure framing", implementations should support
+ * the calculation and verification of MICs over zero-length messages.</p>
+ *
+ * @param tokStream Input stream containing the token generated by peer's
+ * getMIC method.
+ * @param msgStream Input stream containing the application message to
+ * verify the cryptographic MIC over.
+ * @param msgProp Upon return from the method, this object will contain
+ * the applied QOP and supplementary information
+ * stating whether the token was a duplicate, old, out of
+ * sequence or arriving after a gap. The confidentiality
+ * state will be set to <code>false</code>.
+ * @throws GSSException If this operation fails.
+ */
+ void verifyMIC(InputStream tokStream, InputStream msgStream, MessageProp msgProp)
+ throws GSSException;
+
+ /**
+ * <p>Provided to support the sharing of work between multiple processes.
+ * This routine will typically be used by the context-acceptor, in an
+ * application where a single process receives incoming connection
+ * requests and accepts security contexts over them, then passes the
+ * established context to one or more other processes for message
+ * exchange.</p>
+ *
+ * <p>This method deactivates the security context and creates an
+ * interprocess token which, when passed to the byte array constructor
+ * of the GSSContext interface in another process, will re-activate the
+ * context in the second process. Only a single instantiation of a
+ * given context may be active at any one time; a subsequent attempt by
+ * a context exporter to access the exported security context will fail.</p>
+ *
+ * <p>The implementation may constrain the set of processes by which the
+ * interprocess token may be imported, either as a function of local
+ * security policy, or as a result of implementation decisions. For
+ * example, some implementations may constrain contexts to be passed
+ * only between processes that run under the same account, or which are
+ * part of the same process group.</p>
+ *
+ * <p>The interprocess token may contain security-sensitive information
+ * (for example cryptographic keys). While mechanisms are encouraged to
+ * either avoid placing such sensitive information within interprocess
+ * tokens, or to encrypt the token before returning it to the
+ * application, in a typical GSS-API implementation this may not be
+ * possible. Thus the application must take care to protect the
+ * interprocess token, and ensure that any process to which the token is
+ * transferred is trustworthy.</p>
+ *
+ * @return The exported context.
+ * @throws GSSException If this operation fails.
+ */
+ byte[] export() throws GSSException;
+
+ /**
+ * <p>Sets the request state of the mutual authentication flag for the
+ * context. This method is only valid before the context creation
+ * process begins and only for the initiator.</p>
+ *
+ * @param state Boolean representing if mutual authentication should
+ * be requested during context establishment.
+ * @throws GSSException If this operation fails.
+ */
+ void requestMutualAuth(boolean state) throws GSSException;
+
+ /**
+ * <p>Sets the request state of the replay detection service for the
+ * context. This method is only valid before the context creation
+ * process begins and only for the initiator.</p>
+ *
+ * @param state Boolean representing if replay detection is desired
+ * over the established context.
+ * @throws GSSException If this operation fails.
+ */
+ void requestReplayDet(boolean state) throws GSSException;
+
+ /**
+ * <p>Sets the request state for the sequence checking service of the
+ * context. This method is only valid before the context creation
+ * process begins and only for the initiator.</p>
+ *
+ * @param state Boolean representing if sequence detection is desired
+ * over the established context.
+ * @throws GSSException If this operation fails.
+ */
+ void requestSequenceDet(boolean state) throws GSSException;
+
+ /**
+ * <p>Sets the request state for the credential delegation flag for the
+ * context. This method is only valid before the context creation
+ * process begins and only for the initiator.</p>
+ *
+ * @param state Boolean representing if credential delegation is
+ * desired.
+ * @throws GSSException If this operation fails.
+ */
+ void requestCredDeleg(boolean state) throws GSSException;
+
+ /**
+ * <p>Requests anonymous support over the context. This method is only
+ * valid before the context creation process begins and only for the
+ * initiator.</p>
+ *
+ * @param state Boolean representing if anonymity support is requested.
+ * @throws GSSException If this operation fails.
+ */
+ void requestAnonymity(boolean state) throws GSSException;
+
+ /**
+ * <p>Requests that confidentiality service be available over the context.
+ * This method is only valid before the context creation process begins
+ * and only for the initiator.</p>
+ *
+ * @param state Boolean indicating if confidentiality services are to
+ * be requested for the context.
+ * @throws GSSException If this operation fails.
+ */
+ void requestConf(boolean state) throws GSSException;
+
+ /**
+ * <p>Requests that integrity services be available over the context. This
+ * method is only valid before the context creation process begins and
+ * only for the initiator.</p>
+ *
+ * @param state Boolean indicating if integrity services are to be
+ * requested for the context.
+ * @throws GSSException If this operation fails.
+ */
+ void requestInteg(boolean state) throws GSSException;
+
+ /**
+ * <p>Sets the desired lifetime for the context in seconds. This method is
+ * only valid before the context creation process begins and only for
+ * the initiator. Use {@link #INDEFINITE_LIFETIME} and {@link
+ * #DEFAULT_LIFETIME} to request indefinite or default context lifetime.</p>
+ *
+ * @param lifetime The desired context lifetime in seconds.
+ * @throws GSSException If this operation fails.
+ */
+ void requestLifetime(int lifetime) throws GSSException;
+
+ /**
+ * <p>Sets the channel bindings to be used during context establishment.
+ * This method is only valid before the context creation process begins.</p>
+ *
+ * @param cb Channel bindings to be used.
+ * @throws GSSException If this operation fails.
+ */
+ void setChannelBinding(ChannelBinding cb) throws GSSException;
+
+ /**
+ * <p>Returns the state of the delegated credentials for the context.
+ * When issued before context establishment is completed or when the
+ * isProtReady method returns "false", it returns the desired state,
+ * otherwise it will indicate the actual state over the established
+ * context.</p>
+ *
+ * @return The state of the delegated credentials for the context.
+ */
+ boolean getCredDelegState();
+
+ /**
+ * <p>Returns the state of the mutual authentication option for the
+ * context. When issued before context establishment completes or when
+ * the isProtReady method returns "false", it returns the desired state,
+ * otherwise it will indicate the actual state over the established
+ * context.</p>
+ *
+ * @return The state of the mutual authentication option.
+ */
+ boolean getMutualAuthState();
+
+ /**
+ * <p>Returns the state of the replay detection option for the context.
+ * When issued before context establishment completes or when the
+ * isProtReady method returns "false", it returns the desired state,
+ * otherwise it will indicate the actual state over the established
+ * context.</p>
+ *
+ * @return The state of the replay detection option.
+ */
+ boolean getReplayDetState();
+
+ /**
+ * <p>Returns the state of the sequence detection option for the context.
+ * When issued before context establishment completes or when the
+ * isProtReady method returns "false", it returns the desired state,
+ * otherwise it will indicate the actual state over the established
+ * context.</p>
+ *
+ * @return The state of the sequence detection option.
+ */
+ boolean getSequenceDetState();
+
+ /**
+ * <p>Returns "true" if this is an anonymous context. When issued before
+ * context establishment completes or when the isProtReady method
+ * returns "false", it returns the desired state, otherwise it will
+ * indicate the actual state over the established context.</p>
+ *
+ * @return True if this is an anonymous context.
+ */
+ boolean getAnonymityState();
+
+ /**
+ * <p>Returns "true" if the context is transferable to other processes
+ * through the use of the {@link #export()} method. This call is only
+ * valid on fully established contexts.</p>
+ *
+ * @return True if the context is transferable.
+ * @throws GSSException If this operation fails.
+ */
+ boolean isTransferable() throws GSSException;
+
+ /**
+ * <p>Returns "true" if the per message operations can be applied over
+ * the context. Some mechanisms may allow the usage of per-message
+ * operations before the context is fully established. This will also
+ * indicate that the get methods will return actual context state
+ * characteristics instead of the desired ones.</p>
+ *
+ * @return True if the per message operations can be applied over
+ * the context.
+ */
+ boolean isProtReady();
+
+ /**
+ * <p>Returns the confidentiality service state over the context. When
+ * issued before context establishment completes or when the isProtReady
+ * method returns "false", it returns the desired state, otherwise it
+ * will indicate the actual state over the established context.</p>
+ *
+ * @return True the confidentiality service state.
+ */
+ boolean getConfState();
+
+ /**
+ * <p>Returns the integrity service state over the context. When issued
+ * before context establishment completes or when the isProtReady method
+ * returns "false", it returns the desired state, otherwise it will
+ * indicate the actual state over the established context.</p>
+ *
+ * @return The integrity service state.
+ */
+ boolean getIntegState();
+
+ /**
+ * <p>Returns the context lifetime in seconds. When issued before context
+ * establishment completes or when the isProtReady method returns
+ * "false", it returns the desired lifetime, otherwise it will indicate
+ * the remaining lifetime for the context.</p>
+ *
+ * @return The lifetime.
+ */
+ int getLifetime();
+
+ /**
+ * <p>Returns the name of the context initiator. This call is valid only
+ * after the context is fully established or the isProtReady method
+ * returns "true". It is guaranteed to return an MN.</p>
+ *
+ * @return The name of the context initiator.
+ * @throws GSSException If this operation fails.
+ */
+ GSSName getSrcName() throws GSSException;
+
+ /**
+ * <p>Returns the name of the context target (acceptor). This call is
+ * valid only after the context is fully established or the isProtReady
+ * method returns "true". It is guaranteed to return an MN.</p>
+ *
+ * @return The name of the context target.
+ * @throws GSSException If this operation fails.
+ */
+ GSSName getTargName() throws GSSException;
+
+ /**
+ * <p>Returns the mechanism oid for this context. This method may be called
+ * before the context is fully established, but the mechanism returned
+ * may change on successive calls in negotiated mechanism case.</p>
+ *
+ * @return The mechanism OID.
+ * @throws GSSException If this operation fails.
+ */
+ Oid getMech() throws GSSException;
+
+ /**
+ * <p>Returns the delegated credential object on the acceptor's side.
+ * To check for availability of delegated credentials call
+ * {@link #getDelegCredState()}. This call is only valid on fully
+ * established contexts.</p>
+ *
+ * @return The delegated credential object.
+ * @throws GSSException If this operation fails.
+ */
+ GSSCredential getDelegCred() throws GSSException;
+
+ /**
+ * <p>Returns "true" if this is the initiator of the context. This call is
+ * only valid after the context creation process has started.</p>
+ *
+ * @return True if this is the initiator.
+ * @throws GSSException If this operation fails.
+ */
+ boolean isInitiator() throws GSSException;
+}
--- /dev/null
+/* GSSCredential.java -- GSS credential interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+/* The documentation comments of this class are derived from the text
+ of RFC 2853: Generic Security Service API Version 2: Java Bindings.
+ That document is covered under the following license notice:
+
+Copyright (C) The Internet Society (2000). All Rights Reserved.
+
+This document and translations of it may be copied and furnished to
+others, and derivative works that comment on or otherwise explain it
+or assist in its implementation may be prepared, copied, published and
+distributed, in whole or in part, without restriction of any kind,
+provided that the above copyright notice and this paragraph are
+included on all such copies and derivative works. However, this
+document itself may not be modified in any way, such as by removing
+the copyright notice or references to the Internet Society or other
+Internet organizations, except as needed for the purpose of developing
+Internet standards in which case the procedures for copyrights defined
+in the Internet Standards process must be followed, or as required to
+translate it into languages other than English.
+
+The limited permissions granted above are perpetual and will not be
+revoked by the Internet Society or its successors or assigns.
+
+This document and the information contained herein is provided on an
+"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
+NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN
+WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. */
+
+
+package org.ietf.jgss;
+
+/**
+ * <p>This interface encapsulates the GSS-API credentials for an entity.
+ * A credential contains all the necessary cryptographic information to
+ * enable the creation of a context on behalf of the entity that it
+ * represents. It may contain multiple, distinct, mechanism specific
+ * credential elements, each containing information for a specific
+ * security mechanism, but all referring to the same entity.</p>
+ *
+ * <p>A credential may be used to perform context initiation, acceptance,
+ * or both.</p>
+ *
+ * <p>GSS-API implementations must impose a local access-control policy on
+ * callers to prevent unauthorized callers from acquiring credentials to
+ * which they are not entitled. GSS-API credential creation is not
+ * intended to provide a "login to the network" function, as such a
+ * function would involve the creation of new credentials rather than
+ * merely acquiring a handle to existing credentials. Such functions,
+ * if required, should be defined in implementation-specific extensions
+ * to the API.</p>
+ *
+ * <p>If credential acquisition is time-consuming for a mechanism, the
+ * mechanism may choose to delay the actual acquisition until the
+ * credential is required (e.g. by {@link GSSContext}). Such mechanism-
+ * specific implementation decisions should be invisible to the calling
+ * application; thus the query methods immediately following the
+ * creation of a credential object must return valid credential data,
+ * and may therefore incur the overhead of a deferred credential
+ * acquisition.</p>
+ *
+ * <p>Applications will create a credential object passing the desired
+ * parameters. The application can then use the query methods to obtain
+ * specific information about the instantiated credential object
+ * (equivalent to the gss_inquire routines). When the credential is no
+ * longer needed, the application should call the dispose (equivalent to
+ * gss_release_cred) method to release any resources held by the
+ * credential object and to destroy any cryptographically sensitive
+ * information.</p>
+ *
+ * <p>Classes implementing this interface also implement the {@link Cloneable}
+ * interface. This indicates the the class will support the {@link
+ * Cloneable#clone()} method that will allow the creation of duplicate
+ * credentials. This is useful when called just before the {@link
+ * #add(org.ietf.jgss.GSSName,int,int,org.ietf.jgss.Oid,int)} call to retain
+ * a copy of the original credential.</p>
+ *
+ * <h3>Example Code</h3>
+ *
+ * <pre>
+GSSManager mgr = GSSManager.getInstance();
+
+// start by creating a name object for the entity
+GSSName name = mgr.createName("userName", GSSName.NT_USER_NAME);
+
+// now acquire credentials for the entity
+GSSCredential cred = mgr.createCredential(name,
+ GSSCredential.ACCEPT_ONLY);
+
+// display credential information - name, remaining lifetime,
+// and the mechanisms it has been acquired over
+print(cred.getName().toString());
+print(cred.getRemainingLifetime());
+
+Oid [] mechs = cred.getMechs();
+if (mechs != null)
+ {
+ for (int i = 0; i < mechs.length; i++)
+ print(mechs[i].toString());
+ }
+
+// release system resources held by the credential
+cred.dispose();
+ * </pre>
+ */
+public interface GSSCredential extends Cloneable
+{
+
+ // Constants.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Credential usage flag requesting that it be able to be used for both
+ * context initiation and acceptance.
+ */
+ int INITIATE_AND_ACCEPT = 0;
+
+ /**
+ * Credential usage flag requesting that it be able to be used for
+ * context initiation only.
+ */
+ int INITIATE_ONLY = 1;
+
+ /**
+ * Credential usage flag requesting that it be able to be used for
+ * context acceptance only.
+ */
+ int ACCEPT_ONLY = 2;
+
+ /**
+ * A lifetime constant representing the default credential lifetime.
+ */
+ int DEFAULT_LIFETIME = 0;
+
+ /**
+ * A lifetime constant representing indefinite credential lifetime.
+ */
+ int INDEFINITE_LIFETIME = Integer.MAX_VALUE;
+
+ // Methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Releases any sensitive information that the GSSCredential object may
+ * be containing. Applications should call this method as soon as the
+ * credential is no longer needed to minimize the time any sensitive
+ * information is maintained.
+ *
+ * @throws GSSException If this operation fails.
+ */
+ void dispose() throws GSSException;
+
+ /**
+ * Retrieves the name of the entity that the credential asserts.
+ *
+ * @return The name.
+ * @throws GSSException If this operation fails.
+ */
+ GSSName getName() throws GSSException;
+
+ /**
+ * Retrieves a mechanism name of the entity that the credential asserts.
+ * Equivalent to calling {@link GSSName#canonicalize(org.ietf.jgss.Oid)}
+ * on the name returned by {@link #getName()}.
+ *
+ * @param mechOID The mechanism for which information should be returned.
+ * @return The name.
+ * @throws GSSException If this operation fails.
+ */
+ GSSName getName(Oid mechOID) throws GSSException;
+
+ /**
+ * Returns the remaining lifetime in seconds for a credential. The
+ * remaining lifetime is the minimum lifetime for any of the underlying
+ * credential mechanisms. A return value of {@link
+ * GSSCredential#INDEFINITE_LIFETIME} indicates that the credential does
+ * not expire. A return value of 0 indicates that the credential is
+ * already expired.
+ *
+ * @return The remaining lifetime.
+ * @throws GSSException If this operation fails.
+ */
+ int getRemainingLifetime() throws GSSException;
+
+ /**
+ * Returns the remaining lifetime is seconds for the credential to
+ * remain capable of initiating security contexts under the specified
+ * mechanism. A return value of {@link GSSCredential#INDEFINITE_LIFETIME}
+ * indicates that the credential does not expire for context initiation.
+ * A return value of 0 indicates that the credential is already expired.
+ *
+ * @param mech The mechanism for which information should be returned.
+ * @return The remaining lifetime.
+ * @throws GSSException If this operation fails.
+ */
+ int getRemainingInitLifetime(Oid mech) throws GSSException;
+
+ /**
+ * Returns the remaining lifetime is seconds for the credential to
+ * remain capable of accepting security contexts under the specified
+ * mechanism. A return value of {@link GSSCredential#INDEFINITE_LIFETIME}
+ * indicates that the credential does not expire for context acceptance.
+ * A return value of 0 indicates that the credential is already expired.
+ *
+ * @param mech The mechanism for which information should be returned.
+ * @return The remaining lifetime.
+ * @throws GSSException If this operation fails.
+ */
+ int getRemainingAcceptLifetime(Oid mech) throws GSSException;
+
+ /**
+ * Returns the credential usage flag. The return value will be one of
+ * {@link GSSCredential#INITIATE_ONLY}, {@link GSSCredential#ACCEPT_ONLY},
+ * or {@link GSSCredential#INITIATE_AND_ACCEPT}.
+ *
+ * @return The credential usage flag.
+ * @throws GSSException If this operation fails.
+ */
+ int getUsage() throws GSSException;
+
+ /**
+ * Returns the credential usage flag for the specified credential
+ * mechanism. The return value will be one of
+ * {@link GSSCredential#INITIATE_ONLY}, {@link GSSCredential#ACCEPT_ONLY},
+ * or {@link GSSCredential#INITIATE_AND_ACCEPT}.
+ *
+ * @param mechOID The mechanism for which information should be returned.
+ * @return The credential usage flag.
+ * @throws GSSException If this operation fails.
+ */
+ int getUsage(Oid mechOID) throws GSSException;
+
+ /**
+ * Returns an array of mechanisms supported by this credential.
+ *
+ * @return The supported mechanism.
+ * @throws GSSException If this operation fails.
+ */
+ Oid[] getMechs() throws GSSException;
+
+ /**
+ * <p>Adds a mechanism specific credential-element to an existing
+ * credential. This method allows the construction of credentials one
+ * mechanism at a time.</p>
+ *
+ * <p>This routine is envisioned to be used mainly by context acceptors
+ * during the creation of acceptance credentials which are to be used
+ * with a variety of clients using different security mechanisms.</p>
+ *
+ * <p>This routine adds the new credential element "in-place". To add the
+ * element in a new credential, first call {@link Cloneable#clone()} to
+ * obtain a copy of this credential, then call its <code>add()</code>
+ * method.</p>
+ *
+ * @param aName Name of the principal for whom this credential
+ * is to be acquired. Use <code>null</code> to
+ * specify the default principal.
+ * @param initLifetime The number of seconds that credentials should
+ * remain valid for initiating of security contexts.
+ * Use {@link #INDEFINITE_LIFETIME} to request that
+ * the credentials have the maximum permitted lifetime.
+ * Use {@link GSSCredential#DEFAULT_LIFETIME} to
+ * request the default credential lifetime.
+ * @param acceptLifetime The number of seconds that credentials should
+ * remain valid for accepting of security contexts.
+ * Use {@link GSSCredential#INDEFINITE_LIFETIME} to
+ * request that the credentials have the maximum
+ * permitted lifetime. Use {@link
+ * GSSCredential#DEFAULT_LIFETIME} to request
+ * the default credential lifetime.
+ * @param mech The mechanisms over which the credential is to be
+ * acquired.
+ * @param usage The intended usage for this credential object. The
+ * value of this parameter must be one of:
+ * {@link GSSCredential#ACCEPT_AND_INITIATE},
+ * {@link GSSCredential#ACCEPT_ONLY},
+ * {@link GSSCredential#INITIATE_ONLY}.
+ * @throws GSSException If this operation fails.
+ */
+ void add(GSSName aName, int initLifetime, int acceptLifetime,
+ Oid mech, int usage) throws GSSException;
+
+ /**
+ * Tests if this GSSCredential refers to the same entity as the supplied
+ * object. The two credentials must be acquired over the same
+ * mechanisms and must refer to the same principal. Returns <code>true</code>
+ * if the two GSSCredentials refer to the same entity; <code>false</code>
+ * otherwise. (Note that the Java language specification requires that two
+ * objects that are equal according to the {@link
+ * Object#equals(java.lang.Object)} method must return the same integer
+ * result when the {@link Object#hashCode()} method is called on them.)
+ *
+ * @param another Another GSSCredential object for comparison.
+ * @return True if this object equals the other.
+ */
+ boolean equals(Object another);
+}
--- /dev/null
+/* GSSException.java -- a general exception in GSS.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+/* The documentation comments of this class are derived from the text
+ of RFC 2853: Generic Security Service API Version 2: Java Bindings.
+ That document is covered under the following license notice:
+
+Copyright (C) The Internet Society (2000). All Rights Reserved.
+
+This document and translations of it may be copied and furnished to
+others, and derivative works that comment on or otherwise explain it
+or assist in its implementation may be prepared, copied, published and
+distributed, in whole or in part, without restriction of any kind,
+provided that the above copyright notice and this paragraph are
+included on all such copies and derivative works. However, this
+document itself may not be modified in any way, such as by removing
+the copyright notice or references to the Internet Society or other
+Internet organizations, except as needed for the purpose of developing
+Internet standards in which case the procedures for copyrights defined
+in the Internet Standards process must be followed, or as required to
+translate it into languages other than English.
+
+The limited permissions granted above are perpetual and will not be
+revoked by the Internet Society or its successors or assigns.
+
+This document and the information contained herein is provided on an
+"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
+NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN
+WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. */
+
+
+package org.ietf.jgss;
+
+import java.util.PropertyResourceBundle;
+import java.util.ResourceBundle;
+
+/**
+ * This exception is thrown whenever a fatal GSS-API error occurs
+ * including mechanism specific errors. It may contain both, the major
+ * and minor, GSS-API status codes. The mechanism implementers are
+ * responsible for setting appropriate minor status codes when throwing
+ * this exception. Aside from delivering the numeric error code(s) to
+ * the caller, this class performs the mapping from their numeric values
+ * to textual representations. All Java GSS-API methods are declared
+ * throwing this exception.
+ */
+public class GSSException extends Exception
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ // These values do not jive with the "Constant Field Values" in the J2SE
+ // 1.4.1, but do follow RFC 2853. I trust the IETF, but not Sun.
+
+ /**
+ * Channel bindings mismatch error.
+ */
+ public static final int BAD_BINDINGS = 4;
+
+ /**
+ * Unsupported mechanism requested error.
+ */
+ public static final int BAD_MECH = 1;
+
+ /**
+ * Invalid name provided error.
+ */
+ public static final int BAD_NAME = 2;
+
+ /**
+ * Name of unsupported type provided error.
+ */
+ public static final int BAD_NAMETYPE = 3;
+
+ /**
+ * Invalid status code error - this is the default status value.
+ */
+ public static final int BAD_STATUS = 5;
+
+ /**
+ * Token had invalid integrity check error.
+ */
+ public static final int BAD_MIC = 6;
+
+ /**
+ * Specified security context expired error.
+ */
+ public static final int CONTEXT_EXPIRED = 12;
+
+ /**
+ * Expired credentials detected error.
+ */
+ public static final int CREDENTIALS_EXPIRED = 11;
+
+ /**
+ * Defective credential error.
+ */
+ public static final int DEFECTIVE_CREDENTIAL = 10;
+
+ /**
+ * Defective token error.
+ */
+ public static final int DEFECTIVE_TOKEN = 9;
+
+ /**
+ * General failure, unspecified at GSS-API level.
+ */
+ public static final int FAILURE = 13;
+
+ /**
+ * Invalid security context error.
+ */
+ public static final int NO_CONTEXT = 8;
+
+ /**
+ * Invalid credentials error.
+ */
+ public static final int NO_CRED = 7;
+
+ /**
+ * Unsupported QOP value error.
+ */
+ public static final int BAD_QOP = 14;
+
+ /**
+ * Operation unauthorized error.
+ */
+ public static final int UNAUTHORIZED = 15;
+
+ /**
+ * Operation unavailable error.
+ */
+ public static final int UNAVAILABLE = 16;
+
+ /**
+ * Duplicate credential element requested error.
+ */
+ public static final int DUPLICATE_ELEMENT = 17;
+
+ /**
+ * Name contains multi-mechanism elements error.
+ */
+ public static final int NAME_NOT_MN = 18;
+
+ /**
+ * The token was a duplicate of an earlier token. This is a fatal error
+ * code that may occur during context establishment. It is not used to
+ * indicate supplementary status values. The MessageProp object is used
+ * for that purpose.
+ */
+ public static final int DUPLICATE_TOKEN = 20;
+
+ /**
+ * The token's validity period has expired. This is a fatal error code
+ * that may occur during context establishment. It is not used to
+ * indicate supplementary status values. The MessageProp object is used
+ * for that purpose.
+ */
+ public static final int OLD_TOKEN = 19;
+
+ /**
+ * A later token has already been processed. This is a fatal error code
+ * that may occur during context establishment. It is not used to
+ * indicate supplementary status values. The MessageProp object is used
+ * for that purpose.
+ */
+ public static final int UNSEQ_TOKEN = 21;
+
+ /**
+ * An expected per-message token was not received. This is a fatal
+ * error code that may occur during context establishment. It is not
+ * used to indicate supplementary status values. The MessageProp object
+ * is used for that purpose.
+ */
+ public static final int GAP_TOKEN = 22;
+
+ private final int major;
+ private int minor;
+ private String minorString;
+
+ private ResourceBundle messages;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Create a new GSS exception with the given major code.
+ *
+ * @param major The major GSS error code.
+ */
+ public GSSException(int major)
+ {
+ this(major, 0, null);
+ }
+
+ /**
+ * Create a new GSS exception with the given major and minor codes, and a
+ * minor explanation string.
+ *
+ * @param major The major GSS error code.
+ * @param minor The minor application-specific error code.
+ * @param minorString An explanation of the minor error code.
+ */
+ public GSSException(int major, int minor, String minorString)
+ {
+ this.major = major;
+ this.minor = minor;
+ this.minorString = minorString;
+ try
+ {
+ messages = PropertyResourceBundle.getBundle("org/ietf/jgss/MessagesBundle");
+ }
+ catch (Exception e)
+ {
+ messages = null;
+ }
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns the major code representing the GSS error code that caused
+ * this exception to be thrown.
+ *
+ * @return The major error code.
+ */
+ public int getMajor()
+ {
+ return major;
+ }
+
+ /**
+ * Returns the mechanism error code that caused this exception. The
+ * minor code is set by the underlying mechanism. Value of 0 indicates
+ * that mechanism error code is not set.
+ *
+ * @return The minor error code, or 0 if not set.
+ */
+ public int getMinor()
+ {
+ return minor;
+ }
+
+ /**
+ * Returns a string explaining the GSS major error code causing this
+ * exception to be thrown.
+ *
+ * @return The major error string.
+ */
+ public String getMajorString()
+ {
+ switch (major)
+ {
+ case BAD_MECH:
+ return getMsg("GSSException.BAD_MECH",
+ "An unsupported mechanism was requested.");
+ case BAD_NAME:
+ return getMsg("GSSException.BAD_NAME",
+ "An invalid name was supplied.");
+ case BAD_NAMETYPE:
+ return getMsg("GSSException.BAD_NAMETYPE",
+ "A supplied name was of an unsupported type.");
+ case BAD_BINDINGS:
+ return getMsg("GSSException.BAD_BINDINGS",
+ "Incorrect channel bindings were supplied.");
+ case BAD_STATUS:
+ return getMsg("GSSException.BAD_STATUS",
+ "An invalid status code was supplied.");
+ case BAD_MIC:
+ return getMsg("GSSException.BAD_MIC",
+ "A token had an invalid MIC.");
+ case NO_CRED:
+ return getMsg("GSSException.NO_CRED",
+ "No credentials were supplied, or the credentials were "+
+ "unavailable or inaccessible.");
+ case NO_CONTEXT:
+ return getMsg("GSSException.NO_CONTEXT",
+ "Invalid context has been supplied.");
+ case DEFECTIVE_TOKEN:
+ return getMsg("GSSException.DEFECTIVE_TOKEN",
+ "A supplied token was invalid.");
+ case DEFECTIVE_CREDENTIAL:
+ return getMsg("GSSException.DEFECTIVE_CREDENTIAL",
+ "A supplied credential was invalid.");
+ case CREDENTIALS_EXPIRED:
+ return getMsg("GSSException.CREDENTIALS_EXPIRED",
+ "The referenced credentials have expired.");
+ case CONTEXT_EXPIRED:
+ return getMsg("GSSException.CONTEXT_EXPIRED",
+ "The context has expired.");
+ case FAILURE:
+ return getMsg("GSSException.FAILURE",
+ "Miscellaneous failure.");
+ case BAD_QOP:
+ return getMsg("GSSException.BAD_QOP",
+ "The quality-of-protection requested could not be provided.");
+ case UNAUTHORIZED:
+ return getMsg("GSSException.UNAUTHORIZED",
+ "The operation is forbidden by local security policy.");
+ case UNAVAILABLE:
+ return getMsg("GSSException.UNAVAILABLE",
+ "The operation or option is unavailable.");
+ case DUPLICATE_ELEMENT:
+ return getMsg("GSSException.DUPLICATE_ELEMENT",
+ "The requested credential element already exists.");
+ case NAME_NOT_MN:
+ return getMsg("GSSException.NAME_NOT_MN",
+ "The provided name was not a mechanism name.");
+ case OLD_TOKEN:
+ return getMsg("GSSException.OLD_TOKEN",
+ "The token's validity period has expired.");
+ case DUPLICATE_TOKEN:
+ return getMsg("GSSException.DUPLICATE_TOKEN",
+ "The token was a duplicate of an earlier version.");
+ case UNSEQ_TOKEN:
+ return getMsg("GSSException.UNSEQ_TOKEN",
+ "A later token has already been processed.");
+ case GAP_TOKEN:
+ return getMsg("GSSException.GAP_TOKEN",
+ "An expected per-message token was not received.");
+ default: return "Unknown or invalid error code.";
+ }
+ }
+
+ /**
+ * Returns a string explaining the mechanism specific error code.
+ * <code>null</code> will be returned when no mechanism error code has
+ * been set.
+ *
+ * @return The minor error string, or <code>null</code>.
+ */
+ public String getMinorString()
+ {
+ return minorString;
+ }
+
+ /**
+ * Used internally by the GSS-API implementation and the underlying
+ * mechanisms to set the minor code and its textual representation.
+ *
+ * @param minorCode The mechanism specific error code.
+ * @param message A textual explanation of the mechanism error code.
+ */
+ public void setMinor(int minorCode, String message)
+ {
+ this.minor = minorCode;
+ this.minorString = message;
+ }
+
+ /**
+ * Returns a textual representation of both the major and minor status
+ * codes.
+ *
+ * @return The textual representation.
+ */
+ public String toString()
+ {
+ return GSSException.class.getName() + ": " + getMessage();
+ }
+
+ /**
+ * Returns a detailed message of this exception. Overrides {@link
+ * Throwable#getMessage()}. It is customary in Java to use this method to
+ * obtain exception information.
+ *
+ * @return The detail message.
+ */
+ public String getMessage()
+ {
+ if (minor == 0)
+ return getMajorString();
+ else
+ return getMajorString() + " (" + minorString + ")";
+ }
+
+ // Own methods.
+ // -------------------------------------------------------------------------
+
+ private String getMsg(String key, String defaultText)
+ {
+ if (messages != null)
+ {
+ try
+ {
+ return messages.getString(key);
+ }
+ catch (Exception e)
+ {
+ }
+ }
+ return defaultText;
+ }
+}
--- /dev/null
+/* GSSManager.java -- manager class for the GSS-API.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+/* The documentation comments of this class are derived from the text
+ of RFC 2853: Generic Security Service API Version 2: Java Bindings.
+ That document is covered under the following license notice:
+
+Copyright (C) The Internet Society (2000). All Rights Reserved.
+
+This document and translations of it may be copied and furnished to
+others, and derivative works that comment on or otherwise explain it
+or assist in its implementation may be prepared, copied, published and
+distributed, in whole or in part, without restriction of any kind,
+provided that the above copyright notice and this paragraph are
+included on all such copies and derivative works. However, this
+document itself may not be modified in any way, such as by removing
+the copyright notice or references to the Internet Society or other
+Internet organizations, except as needed for the purpose of developing
+Internet standards in which case the procedures for copyrights defined
+in the Internet Standards process must be followed, or as required to
+translate it into languages other than English.
+
+The limited permissions granted above are perpetual and will not be
+revoked by the Internet Society or its successors or assigns.
+
+This document and the information contained herein is provided on an
+"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
+NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN
+WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. */
+
+
+package org.ietf.jgss;
+
+import java.security.Provider;
+import java.security.Security;
+
+/**
+ * <p>The GSSManager class is an abstract class that serves as a factory
+ * for three GSS interfaces: {@link GSSName}, {@link GSSCredential}, and
+ * {@link GSSContext}. It also provides methods for applications to determine
+ * what mechanisms are available from the GSS implementation and what
+ * nametypes these mechanisms support. An instance of the default GSSManager
+ * subclass may be obtained through the static method {@link #getInstance()},
+ * but applications are free to instantiate other subclasses of GSSManager.</p>
+ *
+ * <p>All but one method in this class are declared abstract. This means
+ * that subclasses have to provide the complete implementation for those
+ * methods. The only exception to this is the static method {@link
+ * #getInstance()} which will have platform specific code to return an
+ * instance of the default subclass.</p>
+ *
+ * <p>Platform providers of GSS are required not to add any constructors to
+ * this class, private, public, or protected. This will ensure that all
+ * subclasses invoke only the default constructor provided to the base
+ * class by the compiler.</p>
+ *
+ * <p>A subclass extending the GSSManager abstract class may be implemented
+ * as a modular provider based layer that utilizes some well known
+ * service provider specification. The GSSManager API provides the
+ * application with methods to set provider preferences on such an
+ * implementation. These methods also allow the implementation to throw
+ * a well-defined exception in case provider based configuration is not
+ * supported. Applications that expect to be portable should be aware of
+ * this and recover cleanly by catching the exception.</p>
+ *
+ * <p>It is envisioned that there will be three most common ways in which
+ * providers will be used:</p>
+ *
+ * <ol>
+ * <li>The application does not care about what provider is used (the
+ * default case).</li>
+ *
+ * <li>The application wants a particular provider to be used
+ * preferentially, either for a particular mechanism or all the
+ * time, irrespective of mechanism.</li>
+ *
+ * <li>The application wants to use the locally configured providers
+ * as far as possible but if support is missing for one or more
+ * mechanisms then it wants to fall back on its own provider.</li>
+ * </ol>
+ *
+ * <p>The GSSManager class has two methods that enable these modes of
+ * usage: {@link #addProviderAtFront(java.security.Provider,org.ietf.jgss.Oid)}
+ * and {@link #addProviderAtEnd(java.security.Provider,org.ietf.jgss.Oid)}.
+ * These methods have the effect of creating an ordered list of
+ * (<i>provider</i>, <i>oid</i>) pairs where each pair indicates a preference
+ * of provider for a given oid.</p>
+ *
+ * <p>The use of these methods does not require any knowledge of whatever
+ * service provider specification the GSSManager subclass follows. It is
+ * hoped that these methods will serve the needs of most applications.
+ * Additional methods may be added to an extended GSSManager that could
+ * be part of a service provider specification that is standardized
+ * later.</p>
+ *
+ * <h3>Example Code</h3>
+ *
+ * <pre>
+GSSManager mgr = GSSManager.getInstance();
+
+// What mechs are available to us?
+Oid[] supportedMechs = mgr.getMechs();
+
+// Set a preference for the provider to be used when support is needed
+// for the mechanisms "1.2.840.113554.1.2.2" and "1.3.6.1.5.5.1.1".
+
+Oid krb = new Oid("1.2.840.113554.1.2.2");
+Oid spkm1 = new Oid("1.3.6.1.5.5.1.1");
+
+Provider p = (Provider) (new com.foo.security.Provider());
+
+mgr.addProviderAtFront(p, krb);
+mgr.addProviderAtFront(p, spkm1);
+
+// What name types does this spkm implementation support?
+Oid[] nameTypes = mgr.getNamesForMech(spkm1);
+</pre>
+ */
+public abstract class GSSManager
+{
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public GSSManager()
+ {
+ }
+
+ // Class method.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns the default GSSManager implementation.
+ *
+ * @return The default GSSManager implementation.
+ */
+ public static synchronized GSSManager getInstance()
+ {
+ String impl = Security.getProperty("org.ietf.jgss.GSSManager");
+ if (impl == null)
+ impl = "gnu.crypto.gssapi.GSSManagerImpl";
+ try
+ {
+ ClassLoader loader = GSSManager.class.getClassLoader();
+ if (loader == null)
+ loader = ClassLoader.getSystemClassLoader();
+ Class c = loader.loadClass(impl);
+ return (GSSManager) c.newInstance();
+ }
+ catch (Exception x)
+ {
+ throw new RuntimeException(x.toString());
+ }
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>This method is used to indicate to the GSSManager that the
+ * application would like a particular provider to be used if no other
+ * provider can be found that supports the given mechanism. When a value
+ * of null is used instead of an Oid for the mechanism, the GSSManager
+ * must use the indicated provider for any mechanism.</p>
+ *
+ * <p>Calling this method repeatedly preserves the older settings but
+ * raises them above newer ones in preference thus forming an ordered
+ * list of providers and Oid pairs that grows at the bottom. Thus the
+ * older provider settings will be utilized first before this one is.</p>
+ *
+ * <p>If there are any previously existing preferences that conflict with
+ * the preference being set here, then the GSSManager should ignore this
+ * request.</p>
+ *
+ * <p>If the GSSManager implementation does not support an SPI with a
+ * pluggable provider architecture it should throw a GSSException with
+ * the status code {@link GSSException#UNAVAILABLE} to indicate that the
+ * operation is unavailable.</p>
+ *
+ * @param p The provider instance that should be used whenever
+ * support is needed for <i>mech</i>.
+ * @param mech The mechanism for which the provider is being set.
+ * @throws GSSException If this service is unavailable.
+ */
+ public abstract void addProviderAtEnd(Provider p, Oid mech)
+ throws GSSException;
+
+ /**
+ * <p>This method is used to indicate to the GSSManager that the
+ * application would like a particular provider to be used ahead of all
+ * others when support is desired for the given mechanism. When a value
+ * of null is used instead of an Oid for the mechanism, the GSSManager
+ * must use the indicated provider ahead of all others no matter what
+ * the mechanism is. Only when the indicated provider does not support
+ * the needed mechanism should the GSSManager move on to a different
+ * provider.</p>
+ *
+ * <p>Calling this method repeatedly preserves the older settings but
+ * lowers them in preference thus forming an ordered list of provider
+ * and Oid pairs that grows at the top.</p>
+ *
+ * <p>Calling addProviderAtFront with a null Oid will remove all previous
+ * preferences that were set for this provider in the GSSManager
+ * instance. Calling addProviderAtFront with a non-null Oid will remove
+ * any previous preference that was set using this mechanism and this
+ * provider together.</p>
+ *
+ * <p>If the GSSManager implementation does not support an SPI with a
+ * pluggable provider architecture it should throw a GSSException with
+ * the status code {@link GSSException#UNAVAILABLE} to indicate that the
+ * operation is unavailable.</p>
+ *
+ * @param p The provider instance that should be used whenever
+ * support is needed for <i>mech</i>.
+ * @param mech The mechanism for which the provider is being set.
+ * @throws GSSException If this service is unavailable.
+ */
+ public abstract void addProviderAtFront(Provider p, Oid mech)
+ throws GSSException;
+
+ /**
+ * Factory method for creating a previously exported context. The
+ * context properties will be determined from the input token and can't
+ * be modified through the set methods.
+ *
+ * @param interProcessToken The token previously emitted from the
+ * export method.
+ * @return The context.
+ * @throws GSSException If this operation fails.
+ */
+ public abstract GSSContext createContext(byte[] interProcessToken)
+ throws GSSException;
+
+ /**
+ * Factory method for creating a context on the acceptor' side. The
+ * context's properties will be determined from the input token supplied
+ * to the accept method.
+ *
+ * @param myCred Credentials for the acceptor. Use <code>null</code> to
+ * act as a default acceptor principal.
+ * @return The context.
+ * @throws GSSException If this operation fails.
+ */
+ public abstract GSSContext createContext(GSSCredential myCred)
+ throws GSSException;
+
+ /**
+ * Factory method for creating a context on the initiator's side.
+ * Context flags may be modified through the mutator methods prior to
+ * calling {@link
+ * GSSContext#initSecContext(java.io.InputStream,java.io.OutputStream)}.
+ *
+ * @param peer Name of the target peer.
+ * @param mech Oid of the desired mechanism. Use <code>null</code>
+ * to request default mechanism.
+ * @param myCred Credentials of the initiator. Use <code>null</code>
+ * default initiator principal.
+ * @param lifetime The request lifetime, in seconds, for the context.
+ * Use {@link GSSContext#INDEFINITE_LIFETIME} and
+ * {@link GSSContext#DEFAULT_LIFETIME} to request
+ * indefinite or default context lifetime.
+ * @return The context.
+ * @throws GSSException If this operation fails.
+ */
+ public abstract GSSContext createContext(GSSName peer, Oid mech,
+ GSSCredential myCred, int lifetime)
+ throws GSSException;
+
+ /**
+ * Factory method for acquiring default credentials. This will cause
+ * the GSS-API to use system specific defaults for the set of
+ * mechanisms, name, and a DEFAULT lifetime.
+ *
+ * @param usage The intended usage for this credential object. The
+ * value of this parameter must be one of:
+ * {@link GSSCredential#ACCEPT_AND_INITIATE},
+ * {@link GSSCredential#ACCEPT_ONLY},
+ * {@link GSSCredential#INITIATE_ONLY}.
+ * @return The credential.
+ * @throws GSSException If this operation fails.
+ */
+ public abstract GSSCredential createCredential(int usage) throws GSSException;
+
+ /**
+ * Factory method for acquiring a single mechanism credential.
+ *
+ * @param aName Name of the principal for whom this credential is to
+ * be acquired. Use <code>null</code> to specify the
+ * default principal.
+ * @param lifetime The number of seconds that credentials should remain
+ * valid. Use {@link GSSCredential#INDEFINITE_LIFETIME}
+ * to request that the credentials have the maximum
+ * permitted lifetime. Use {@link
+ * GSSCredential#DEFAULT_LIFETIME} to request default
+ * credential lifetime.
+ * @param mech The oid of the desired mechanism. Use <code>null</code>
+ * to request the default mechanism(s).
+ * @param usage The intended usage for this credential object. The
+ * value of this parameter must be one of:
+ * {@link GSSCredential#ACCEPT_AND_INITIATE},
+ * {@link GSSCredential#ACCEPT_ONLY},
+ * {@link GSSCredential#INITIATE_ONLY}.
+ * @return The credential.
+ * @throws GSSException If this operation fails.
+ */
+ public abstract GSSCredential createCredential(GSSName aName, int lifetime,
+ Oid mech, int usage)
+ throws GSSException;
+
+ /**
+ * Factory method for acquiring credentials over a set of mechanisms.
+ * Acquires credentials for each of the mechanisms specified in the
+ * array called mechs. To determine the list of mechanisms' for which
+ * the acquisition of credentials succeeded, the caller should use the
+ * {@link GSSCredential#getMechs()} method.
+ *
+ * @param aName Name of the principal for whom this credential is to
+ * be acquired. Use <code>null</code> to specify the
+ * default principal.
+ * @param lifetime The number of seconds that credentials should remain
+ * valid. Use {@link GSSCredential#INDEFINITE_LIFETIME}
+ * to request that the credentials have the maximum
+ * permitted lifetime. Use {@link
+ * GSSCredential#DEFAULT_LIFETIME} to request default
+ * credential lifetime.
+ * @param mechs The array of mechanisms over which the credential is
+ * to be acquired. Use <code>null</code> for requesting
+ * a system specific default set of mechanisms.
+ * @param usage The intended usage for this credential object. The
+ * value of this parameter must be one of:
+ * {@link GSSCredential#ACCEPT_AND_INITIATE},
+ * {@link GSSCredential#ACCEPT_ONLY},
+ * {@link GSSCredential#INITIATE_ONLY}.
+ * @return The credential.
+ * @throws GSSException If this operation fails.
+ */
+ public abstract GSSCredential createCredential(GSSName aName, int lifetime,
+ Oid[] mechs, int usage)
+ throws GSSException;
+
+ /**
+ * Factory method to convert a contiguous byte array containing a name
+ * from the specified namespace to a {@link GSSName} object. In general,
+ * the {@link GSSName} object created will not be an MN; two examples that
+ * are exceptions to this are when the namespace type parameter indicates
+ * {@link GSSName#NT_EXPORT_NAME} or when the GSS-API implementation is not
+ * multi-mechanism.
+ *
+ * @param name The byte array containing the name to create.
+ * @param nameType The Oid specifying the namespace of the name supplied
+ * in the byte array. Note that nameType serves to
+ * describe and qualify the interpretation of the input
+ * name byte array, it does not necessarily imply a type
+ * for the output GSSName implementation. "null" value
+ * can be used to specify that a mechanism specific
+ * default syntax should be assumed by each mechanism
+ * that examines the byte array.
+ * @return The name.
+ * @throws GSSException If this operation fails.
+ */
+ public abstract GSSName createName(byte[] name, Oid nameType)
+ throws GSSException;
+
+ /**
+ * Factory method to convert a contiguous byte array containing a name
+ * from the specified namespace to a GSSName object that is an MN. In
+ * other words, this method is a utility that does the equivalent of two
+ * steps: {@link #createName(byte[],org.ietf.jgss.Oid)} and then also
+ * {@link GSSName#canonicalize(org.ietf.jgss.Oid)}.
+ *
+ * @param name The byte array representing the name to create.
+ * @param nameType The Oid specifying the namespace of the name supplied
+ * in the byte array. Note that nameType serves to
+ * describe and qualify the interpretation of the input
+ * name byte array, it does not necessarily imply a type
+ * for the output GSSName implementation. "null" value
+ * can be used to specify that a mechanism specific
+ * default syntax should be assumed by each mechanism
+ * that examines the byte array.
+ * @param mech Oid specifying the mechanism for which this name
+ * should be created.
+ * @return The name.
+ * @throws GSSException If this operation fails.
+ */
+ public abstract GSSName createName(byte[] name, Oid nameType, Oid mech)
+ throws GSSException;
+
+ /**
+ * Factory method to convert a contiguous string name from the specified
+ * namespace to a {@link GSSName} object. In general, the {@link GSSName}
+ * object created will not be an MN; two examples that are exceptions to
+ * this are when the namespace type parameter indicates {@link
+ * GSSName#NT_EXPORT_NAME} or when the GSS-API implementation is not
+ * multi-mechanism.
+ *
+ * @param nameStr The string representing a printable form of the name
+ * to create.
+ * @param nameType The Oid specifying the namespace of the printable name
+ * supplied. Note that nameType serves to describe and
+ * qualify the interpretation of the input nameStr, it
+ * does not necessarily imply a type for the output
+ * GSSName implementation. "null" value can be used to
+ * specify that a mechanism specific default printable
+ * syntax should be assumed by each mechanism that
+ * examines nameStr.
+ * @return The name.
+ * @throws GSSException If this operation fails.
+ */
+ public abstract GSSName createName(String nameStr, Oid nameType)
+ throws GSSException;
+
+ /**
+ * Factory method to convert a contiguous string name from the specified
+ * namespace to an GSSName object that is a mechanism name (MN). In
+ * other words, this method is a utility that does the equivalent of two
+ * steps: the {@link #createName(java.lang.String,org.ietf.jgss.Oid)}
+ * and then also {@link GSSName#canonicalize(org.ietf.jgss.Oid)}.
+ *
+ * @param nameStr The string representing a printable form of the name
+ * to create.
+ * @param nameType The Oid specifying the namespace of the printable name
+ * supplied. Note that nameType serves to describe and
+ * qualify the interpretation of the input nameStr, it
+ * does not necessarily imply a type for the output
+ * GSSName implementation. "null" value can be used to
+ * specify that a mechanism specific default printable
+ * syntax should be assumed when the mechanism examines
+ * nameStr.
+ * @param mech Oid specifying the mechanism for which this name
+ * should be created.
+ * @return The name.
+ * @throws GSSException If this operation fails.
+ */
+ public abstract GSSName createName(String nameStr, Oid nameType, Oid mech)
+ throws GSSException;
+
+ /**
+ * Returns an array of {@link Oid} objects indicating mechanisms available
+ * to GSS-API callers. A <code>null</code> value is returned when no
+ * mechanism are available (an example of this would be when mechanism are
+ * dynamically configured, and currently no mechanisms are installed).
+ *
+ * @return The array of available mechanisms, or <code>null</code>.
+ */
+ public abstract Oid[] getMechs();
+
+ /**
+ * Returns an array of {@link Oid} objects corresponding to the mechanisms
+ * that support the specific name type. <code>null</code> is returned when
+ * no mechanisms are found to support the specified name type.
+ *
+ * @param name The Oid object for the name type.
+ * @return The array of mechanisms, or <code>null</code>.
+ */
+ public abstract Oid[] getMechsForName(Oid name);
+
+ /**
+ * Returns name type Oid's supported by the specified mechanism.
+ *
+ * @param mechanism The Oid object for the mechanism to query.
+ * @return The name type Oid's supported by the mechanism.
+ * @throws GSSException If this operation fails.
+ */
+ public abstract Oid[] getNamesForMech(Oid mechanism) throws GSSException;
+}
--- /dev/null
+/* GSSName.java -- a name interface for GSS.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+/* The documentation comments of this class are derived from the text
+ of RFC 2853: Generic Security Service API Version 2: Java Bindings.
+ That document is covered under the following license notice:
+
+Copyright (C) The Internet Society (2000). All Rights Reserved.
+
+This document and translations of it may be copied and furnished to
+others, and derivative works that comment on or otherwise explain it
+or assist in its implementation may be prepared, copied, published and
+distributed, in whole or in part, without restriction of any kind,
+provided that the above copyright notice and this paragraph are
+included on all such copies and derivative works. However, this
+document itself may not be modified in any way, such as by removing
+the copyright notice or references to the Internet Society or other
+Internet organizations, except as needed for the purpose of developing
+Internet standards in which case the procedures for copyrights defined
+in the Internet Standards process must be followed, or as required to
+translate it into languages other than English.
+
+The limited permissions granted above are perpetual and will not be
+revoked by the Internet Society or its successors or assigns.
+
+This document and the information contained herein is provided on an
+"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
+NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN
+WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. */
+
+
+package org.ietf.jgss;
+
+/**
+ * <p>This interface encapsulates a single GSS-API principal entity.
+ * Different name formats and their definitions are identified with
+ * universal Object Identifiers (Oids). The format of the names can be
+ * derived based on the unique oid of its namespace type.</p>
+ *
+ * <h3>Example Code</h3>
+ *
+ * <pre>
+GSSManager mgr = GSSManager.getInstance();
+
+// create a host based service name
+GSSName name = mgr.createName("service@host",
+ GSSName.NT_HOSTBASED_SERVICE);
+
+Oid krb5 = new Oid("1.2.840.113554.1.2.2");
+
+GSSName mechName = name.canonicalize(krb5);
+
+// the above two steps are equivalent to the following
+GSSName mechName = mgr.createName("service@host",
+ GSSName.NT_HOSTBASED_SERVICE, krb5);
+
+// perform name comparison
+if (name.equals(mechName))
+ print("Names are equal.");
+
+// obtain textual representation of name and its printable
+// name type
+print(mechName.toString() +
+ mechName.getStringNameType().toString());
+
+// export and re-import the name
+byte [] exportName = mechName.export();
+
+// create a new name object from the exported buffer
+GSSName newName = mgr.createName(exportName,
+ GSSName.NT_EXPORT_NAME);
+</pre>
+ */
+public interface GSSName
+{
+
+ // Constants.
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Name type for representing an anonymous entity. It represents the
+ * following value: <code>{ 1(iso), 3(org), 6(dod), 1(internet), 5(security),
+ * 6(nametypes), 3(gss-anonymous-name) }</code>.</p>
+ */
+ Oid NT_ANONYMOUS = new Oid(new int[] { 1, 3, 6, 1, 5, 6, 3 });
+
+ /**
+ * <p>Name type used to indicate an exported name produced by the export
+ * method. It represents the following value: <code>{ 1(iso), 3(org), 6(dod),
+ * 1(internet), 5(security), 6(nametypes), 4(gss-api-exported-name)
+ * }</code>.</p>
+ */
+ Oid NT_EXPORT_NAME = new Oid(new int[] { 1, 3, 6, 1, 5, 6, 4 });
+
+ /**
+ * <p>Oid indicating a host-based service name form. It is used to
+ * represent services associated with host computers. This name form is
+ * constructed using two elements, "service" and "hostname", as follows:</p>
+ *
+ * <blockquote><code>service@hostname</code></blockquote>
+ *
+ * <p>Values for the "service" element are registered with the IANA. It
+ * represents the following value: <code>{ 1(iso), 3(org), 6(dod),
+ * 1(internet), 5(security), 6(nametypes), 2(gss-host-based-services)
+ * }</code>.</p>
+ */
+ Oid NT_HOSTBASED_SERVICE = new Oid(new int[] { 1, 3, 6, 1, 5, 6, 2 });
+
+ /**
+ * <p>Name type to indicate a numeric user identifier corresponding to a
+ * user on a local system. (e.g. Uid). It represents the following
+ * value: <code>{ iso(1) member-body(2) United States(840) mit(113554)
+ * infosys(1) gssapi(2) generic(1) machine_uid_name(2) }</code>.</p>
+ */
+ Oid NT_MACHINE_UID_NAME = new Oid(new int[] { 1, 2, 840, 113554, 1, 2, 1, 2 });
+
+ /**
+ * <p>Name type to indicate a string of digits representing the numeric
+ * user identifier of a user on a local system. It represents the
+ * following value: <code>{ iso(1) member-body(2) United States(840)
+ * mit(113554) infosys(1) gssapi(2) generic(1) string_uid_name(3)
+ * }</code>.</p>
+ */
+ Oid NT_STRING_UID_NAME = new Oid(new int[] { 1, 2, 840, 113554, 1, 2, 1, 3 });
+
+ /**
+ * <p>Name type to indicate a named user on a local system. It represents
+ * the following value: <code>{ iso(1) member-body(2) United States(840)
+ * mit(113554) infosys(1) gssapi(2) generic(1) user_name(1) }</code>.</p>
+ */
+ Oid NT_USER_NAME = new Oid(new int[] { 1, 2, 840, 113554, 1, 2, 1, 1 });
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Compares two GSSName objects to determine whether they refer to the
+ * same entity. This method may throw a {@link GSSException} when the
+ * names cannot be compared. If either of the names represents an
+ * anonymous entity, the method will return <code>false</code>.
+ *
+ * @param another GSSName object to compare with.
+ * @return True if this name equals the other, and if neither name
+ * represents an anonymous entity.
+ * @throws GSSException If the names cannot be compared.
+ */
+ boolean equals(GSSName another) throws GSSException;
+
+ /**
+ * A variation of the {@link #equals(org.ietf.jgss.GSSName)} method that
+ * is provided to override the {@link Object#equals(java.lang.Object)}
+ * method that the implementing class will inherit. The behavior is
+ * exactly the same as that in the other equals method except that no
+ * {@link GSSException} is thrown; instead, <code>false</code> will be
+ * returned in the situation where an error occurs. (Note that the Java
+ * language specification requires that two objects that are equal
+ * according to the {@link Object#equals(java.lang.Object)} method must
+ * return the same integer when the {@link hashCode()} method is called
+ * on them.
+ *
+ * @param another GSSName object to compare with.
+ * @return True if this name equals the other, if neither name
+ * represents an anonymous entity, or if an error occurs.
+ */
+ boolean equals(Object another);
+
+ /**
+ * Creates a mechanism name (MN) from an arbitrary internal name. This
+ * is equivalent to using the factory methods {@link
+ * GSSManager#createName(java.lang.String,org.ietf.jgss.Oid,org.ietf.jgss.Oid)}
+ * or {@link
+ * GSSManager#createName(byte[],org.ietf.jgss.Oid,org.ietf.jgss.Oid)}.
+ *
+ * @param mech The oid for the mechanism for which the canonical form
+ * of the name is requested.
+ * @return The mechanism name.
+ * @throws GSSException If this operation fails.
+ */
+ GSSName canonicalize(Oid mech) throws GSSException;
+
+ /**
+ * Returns a canonical contiguous byte representation of a mechanism
+ * name (MN), suitable for direct, byte by byte comparison by
+ * authorization functions. If the name is not an MN, implementations
+ * may throw a {@link GSSException} with the {@link GSSException#NAME_NOT_MN}
+ * status code. If an implementation chooses not to throw an exception,
+ * it should use some system specific default mechanism to canonicalize
+ * the name and then export it. The format of the header of the output
+ * buffer is specified in <a
+ * href="http://www.ietf.org/rfc/rfc2743.txt">RFC 2743</a>.
+ *
+ * @return The exported name.
+ * @throws GSSException If the name is not an MN and the implementation
+ * throws an exception for this case.
+ */
+ byte[] export() throws GSSException;
+
+ /**
+ * Returns a textual representation of the GSSName object. To retrieve
+ * the printed name format, which determines the syntax of the returned
+ * string, the {@link #getStringNameType()} method can be used.
+ *
+ * @return The textual representation of the GSSName object.
+ */
+ String toString();
+
+ /**
+ * Returns the oid representing the type of name returned through the
+ * {@link #toString()} method. Using this oid, the syntax of the printable
+ * name can be determined.
+ *
+ * @return The name type.
+ * @throws GSSException If this operation fails.
+ */
+ Oid getStringNameType() throws GSSException;
+
+ /**
+ * Tests if this name object represents an anonymous entity. Returns
+ * <code>true</code> if this is an anonymous name.
+ *
+ * @return True if this name represents an anonymous entity.
+ */
+ boolean isAnonymous();
+
+ /**
+ * Tests if this name object contains only one mechanism element and is
+ * thus a mechanism name as defined by <a
+ * href="http://www.ietf.org/rfc/rfc2743.txt">RFC 2743</a>.
+ *
+ * @return True if this name is a mechanism name.
+ */
+ boolean isMN();
+}
--- /dev/null
+/* MessageProp.java -- GSS-API message property.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+/* The documentation comments of this class are derived from the text
+ of RFC 2853: Generic Security Service API Version 2: Java Bindings.
+ That document is covered under the following license notice:
+
+Copyright (C) The Internet Society (2000). All Rights Reserved.
+
+This document and translations of it may be copied and furnished to
+others, and derivative works that comment on or otherwise explain it
+or assist in its implementation may be prepared, copied, published and
+distributed, in whole or in part, without restriction of any kind,
+provided that the above copyright notice and this paragraph are
+included on all such copies and derivative works. However, this
+document itself may not be modified in any way, such as by removing
+the copyright notice or references to the Internet Society or other
+Internet organizations, except as needed for the purpose of developing
+Internet standards in which case the procedures for copyrights defined
+in the Internet Standards process must be followed, or as required to
+translate it into languages other than English.
+
+The limited permissions granted above are perpetual and will not be
+revoked by the Internet Society or its successors or assigns.
+
+This document and the information contained herein is provided on an
+"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
+NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN
+WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. */
+
+
+package org.ietf.jgss;
+
+/**
+ * <p>This is a utility class used within the per-message {@link
+ * GSSContext} methods to convey per-message properties.</p>
+ *
+ * <p>When used with the GSSContext interface's {@link
+ * GSSContext#wrap(byte[],int,int,org.ietf.jgss.MessageProp)} and {@link
+ * GSSContext#getMIC(byte[],int,int,org.ietf.jgss.MessageProp)} methods, an
+ * instance of this class is used to indicate the desired QOP and to
+ * request if confidentiality services are to be applied to caller
+ * supplied data (wrap only). To request default QOP, the value of 0
+ * should be used for QOP.</p>
+ *
+ * <p>When used with the {@link
+ * GSSContext#unwrap(byte[],int,int,org.ietf.jgss.MessageProp)} and {@link
+ * GSSContext#verifyMIC(byte[],int,int,byte[],int,int,org.ietf.jgss.MessageProp)}
+ * methods of the GSSContext interface, an instance of this class will be
+ * used to indicate the applied QOP and confidentiality services over the
+ * supplied message. In the case of verifyMIC, the confidentiality state
+ * will always be "false". Upon return from these methods, this object will
+ * also contain any supplementary status values applicable to the processed
+ * token. The supplementary status values can indicate old tokens, out
+ * of sequence tokens, gap tokens or duplicate tokens.</p>
+ */
+public class MessageProp
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private int qopVal;
+ private boolean privState;
+ private boolean duplicate;
+ private boolean old;
+ private boolean unseq;
+ private boolean gap;
+ private int minorStatus;
+ private String minorString;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Constructor which sets QOP to 0 indicating that the default QOP is
+ * requested.</p>
+ *
+ * @param privState The desired privacy state. "true" for privacy and
+ * "false" for integrity only.
+ */
+ public MessageProp(boolean privState)
+ {
+ this(0, privState);
+ }
+
+ /**
+ * <p>Constructor which sets the values for the qop and privacy state.</p>
+ *
+ * @param qop The desired QOP. Use 0 to request a default QOP.
+ * @param privState The desired privacy state. "true" for privacy and
+ * "false" for integrity only.
+ */
+ public MessageProp(int qop, boolean privState)
+ {
+ this.qopVal = qop;
+ this.privState = privState;
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Retrieves the QOP value.
+ *
+ * @return The QOP value.
+ */
+ public int getQOP()
+ {
+ return qopVal;
+ }
+
+ /**
+ * Retrieves the privacy state.
+ *
+ * @return The privacy state.
+ */
+ public boolean getPrivacy()
+ {
+ return privState;
+ }
+
+ /**
+ * Retrieves the minor status that the underlying mechanism might have
+ * set.
+ *
+ * @return The minor status.
+ */
+ public int getMinorStatus()
+ {
+ return minorStatus;
+ }
+
+ /**
+ * Returns a string explaining the mechanism specific error code.
+ * <code>null</code> will be returned when no mechanism error code has
+ * been set.
+ *
+ * @return The minor status string.
+ */
+ public String getMinorString()
+ {
+ return minorString;
+ }
+
+ /**
+ * Sets the QOP value.
+ *
+ * @param qopVal The QOP value to be set. Use 0 to request a default
+ * QOP value.
+ */
+ public void setQOP(int qopVal)
+ {
+ this.qopVal = qopVal;
+ }
+
+ /**
+ * Sets the privacy state.
+ *
+ * @param privState The privacy state to set.
+ */
+ public void setPrivacy(boolean privState)
+ {
+ this.privState = privState;
+ }
+
+ /**
+ * Returns "true" if this is a duplicate of an earlier token.
+ *
+ * @return True if this is a duplicate of an earlier token.
+ */
+ public boolean isDuplicateToken()
+ {
+ return duplicate;
+ }
+
+ /**
+ * Returns "true" if the token's validity period has expired.
+ *
+ * @return True if the token's validity period has expired.
+ */
+ public boolean isOldToken()
+ {
+ return old;
+ }
+
+ /**
+ * Returns "true" if a later token has already been processed.
+ *
+ * @return True if a later token has already been processed.
+ */
+ public boolean isUnseqToken()
+ {
+ return unseq;
+ }
+
+ /**
+ * Returns "true" if an expected per-message token was not received.
+ *
+ * @return True if an expected per-message token was not received.
+ */
+ public boolean isGapToken()
+ {
+ return gap;
+ }
+
+ /**
+ * This method sets the state for the supplementary information flags
+ * and the minor status in MessageProp. It is not used by the
+ * application but by the GSS implementation to return this information
+ * to the caller of a per-message context method.
+ *
+ * @param duplicate True if the token was a duplicate of an earlier
+ * token, false otherwise.
+ * @param old True if the token's validity period has expired,
+ * false otherwise.
+ * @param unseq True if a later token has already been processed,
+ * false otherwise.
+ * @param gap True if one or more predecessor tokens have not yet
+ * been successfully processed, false otherwise.
+ * @param minorStatus The integer minor status code that the underlying
+ * mechanism wants to set.
+ * @param minorString The textual representation of the minorStatus
+ * value.
+ */
+ public void setSupplementaryStates(boolean duplicate, boolean old,
+ boolean unseq, boolean gap,
+ int minorStatus, String minorString)
+ {
+ this.duplicate = duplicate;
+ this.old = old;
+ this.unseq = unseq;
+ this.gap = gap;
+ this.minorStatus = minorStatus;
+ this.minorString = minorString;
+ }
+}
--- /dev/null
+# MessagesBundle.properties -- English GSS messages.
+# Copyright (C) 2004 Free Software Foundation, Inc.
+#
+# This file is a part of GNU Classpath.
+#
+# GNU Classpath is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of the
+# License, or (at your option) any later version.
+#
+# GNU Classpath is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GNU Classpath; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+# USA
+#
+# Linking this library statically or dynamically with other modules is
+# making a combined work based on this library. Thus, the terms and
+# conditions of the GNU General Public License cover the whole
+# combination.
+#
+# As a special exception, the copyright holders of this library give
+# you permission to link this library with independent modules to
+# produce an executable, regardless of the license terms of these
+# independent modules, and to copy and distribute the resulting
+# executable under terms of your choice, provided that you also meet,
+# for each linked independent module, the terms and conditions of the
+# license of that module. An independent module is a module which is
+# not derived from or based on this library. If you modify this
+# library, you may extend this exception to your version of the
+# library, but you are not obligated to do so. If you do not wish to
+# do so, delete this exception statement from your version.
+
+GSSException.BAD_MECH=An unsupported mechanism was requested.
+GSSException.BAD_NAME=An invalid name was supplied.
+GSSException.BAD_NAMETYPE=A supplied name was of an unsupported type.
+GSSException.BAD_BINDINGS=Incorrect channel bindings were supplied.
+GSSException.BAD_STATUS=An invalid status code was supplied.
+GSSException.BAD_MIC=A token had an invalid MIC.
+GSSException.NO_CRED=No credentials were supplied, or the credentials were unavailable or inaccessible.
+GSSException.NO_CONTEXT=Invalid context has been supplied.
+GSSException.DEFECTIVE_TOKEN=A supplied token was invalid.
+GSSException.DEFECTIVE_CREDENTIAL=A supplied credential was invalid.
+GSSException.CREDENTIALS_EXPIRED=The referenced credentials have expired.
+GSSException.CONTEXT_EXPIRED=The context has expired.
+GSSException.FAILURE=Miscellaneous failure.
+GSSException.BAD_QOP=The quality-of-protection requested could not be provided.
+GSSException.UNAUTHORIZED=The operation is forbidden by local security policy.
+GSSException.UNAVAILABLE=The operation or option is unavailable.
+GSSException.DUPLICATE_ELEMENT=The requested credential element already exists.
+GSSException.NAME_NOT_MN=The provided name was not a mechanism name.
+GSSException.OLD_TOKEN=The token\'s validity period has expired.
+GSSException.DUPLICATE_TOKEN=The token was a duplicate of an earlier version.
+GSSException.UNSEQ_TOKEN=A later token has already been processed.
+GSSException.GAP_TOKEN=An expected per-message token was not received.
+
--- /dev/null
+/* Oid.java -- Object identifier class.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+/* The documentation comments of this class are derived from the text
+ of RFC 2853: Generic Security Service API Version 2: Java Bindings.
+ That document is covered under the following license notice:
+
+Copyright (C) The Internet Society (2000). All Rights Reserved.
+
+This document and translations of it may be copied and furnished to
+others, and derivative works that comment on or otherwise explain it
+or assist in its implementation may be prepared, copied, published and
+distributed, in whole or in part, without restriction of any kind,
+provided that the above copyright notice and this paragraph are
+included on all such copies and derivative works. However, this
+document itself may not be modified in any way, such as by removing
+the copyright notice or references to the Internet Society or other
+Internet organizations, except as needed for the purpose of developing
+Internet standards in which case the procedures for copyrights defined
+in the Internet Standards process must be followed, or as required to
+translate it into languages other than English.
+
+The limited permissions granted above are perpetual and will not be
+revoked by the Internet Society or its successors or assigns.
+
+This document and the information contained herein is provided on an
+"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
+NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN
+WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. */
+
+
+package org.ietf.jgss;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.DataInputStream;
+import java.io.InputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+
+import java.math.BigInteger;
+
+import java.util.Arrays;
+import java.util.StringTokenizer;
+
+/**
+ * <p>This class represents Universal Object Identifiers (Oids) and their
+ * associated operations.</p>
+ *
+ * <p>Oids are hierarchically globally-interpretable identifiers used
+ * within the GSS-API framework to identify mechanisms and name formats.</p>
+ *
+ * <p>The structure and encoding of Oids is defined in ISOIEC-8824 and
+ * ISOIEC-8825. For example the Oid representation of Kerberos V5
+ * mechanism is "1.2.840.113554.1.2.2".</p>
+ *
+ * <p>The {@link GSSName} name class contains <code>public static Oid</code>
+ * objects representing the standard name types defined in GSS-API.</p>
+ */
+public class Oid
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ private static final int OBJECT_IDENTIFIER = 0x06;
+ private static final int RELATIVE_OID = 0x0d;
+
+ private final int[] components;
+ private byte[] derOid;
+ private String strOid;
+ private boolean relative;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Creates an Oid object from a string representation of its integer
+ * components (e.g. "1.2.840.113554.1.2.2").
+ *
+ * @param strOid The string representation for the oid.
+ * @throws GSSException If the argument is badly formed.
+ */
+ public Oid(String strOid) throws GSSException
+ {
+ if (strOid == null)
+ throw new NullPointerException();
+ this.strOid = strOid;
+ try
+ {
+ StringTokenizer tok = new StringTokenizer(strOid, ".");
+ components = new int[tok.countTokens()];
+ int i = 0;
+ while (tok.hasMoreTokens() && i < components.length)
+ {
+ components[i++] = Integer.parseInt(tok.nextToken());
+ }
+ }
+ catch (Exception x)
+ {
+ throw new GSSException(GSSException.FAILURE);
+ }
+ relative = false;
+ }
+
+ /**
+ * Creates an Oid object from its DER encoding. This refers to the full
+ * encoding including tag and length. The structure and encoding of
+ * Oids is defined in ISOIEC-8824 and ISOIEC-8825. This method is
+ * identical in functionality to its byte array counterpart.
+ *
+ * @param derOid Stream containing the DER encoded oid.
+ * @throws GSSException If the DER stream is badly formed, or if the
+ * input stream throws an exception.
+ */
+ public Oid(InputStream derOid) throws GSSException
+ {
+ DataInputStream in = new DataInputStream(derOid);
+ try
+ {
+ int tag = in.read() & 0x1F;
+ if (tag != OBJECT_IDENTIFIER && tag != RELATIVE_OID)
+ throw new IOException();
+ int len = in.read();
+ if ((len & ~0x7F) != 0)
+ {
+ byte[] buf = new byte[len & 0x7F];
+ in.readFully(buf);
+ len = new BigInteger(1, buf).intValue();
+ }
+ if (len < 0)
+ throw new IOException();
+ byte[] enc = new byte[len];
+ in.readFully(enc);
+ int[] comp = new int[len + 1];
+ int count = 0;
+ int i = 0;
+ relative = tag == RELATIVE_OID;
+ if (!relative && i < len)
+ {
+ int j = (enc[i] & 0xFF);
+ comp[count++] = j / 40;
+ comp[count++] = j % 40;
+ i++;
+ }
+ while (i < len)
+ {
+ int j = 0;
+ do
+ {
+ j = enc[i++] & 0xFF;
+ comp[count] <<= 7;
+ comp[count] |= j & 0x7F;
+ if (i >= len && (j & 0x80) != 0)
+ throw new IOException();
+ }
+ while ((j & 0x80) != 0);
+ count++;
+ }
+ if (count == len)
+ this.components = comp;
+ else
+ {
+ this.components = new int[count];
+ System.arraycopy(comp, 0, components, 0, count);
+ }
+ }
+ catch (IOException ioe)
+ {
+ throw new GSSException(GSSException.FAILURE);
+ }
+ }
+
+ /**
+ * Creates an Oid object from its DER encoding. This refers to the full
+ * encoding including tag and length. The structure and encoding of
+ * Oids is defined in ISOIEC-8824 and ISOIEC-8825. This method is
+ * identical in functionality to its streaming counterpart.
+ *
+ * @param derOid Byte array storing a DER encoded oid.
+ * @throws GSSException If the DER bytes are badly formed.
+ */
+ public Oid(byte[] derOid) throws GSSException
+ {
+ this(new ByteArrayInputStream(derOid));
+ this.derOid = (byte[]) derOid.clone();
+ }
+
+ Oid(int[] components)
+ {
+ this.components = components;
+ relative = false;
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns a string representation of the oid's integer components in
+ * dot separated notation (e.g. "1.2.840.113554.1.2.2").
+ *
+ * @return The string representation of this oid.
+ */
+ public String toString()
+ {
+ if (strOid == null)
+ {
+ StringBuffer buf = new StringBuffer();
+ for (int i = 0; i < components.length; i++)
+ {
+ buf.append(components[i]);
+ if (i < components.length - 1)
+ buf.append('.');
+ }
+ strOid = buf.toString();
+ }
+ return strOid;
+ }
+
+ /**
+ * Returns the full ASN.1 DER encoding for this oid object, which
+ * includes the tag and length.
+ *
+ * @return The ASN.1 DER encoding for this oid.
+ * @throws GSSException If encoding fails.
+ */
+ public byte[] getDER() throws GSSException
+ {
+ if (derOid == null)
+ {
+ ByteArrayOutputStream out = new ByteArrayOutputStream(256);
+ try
+ {
+ int i = 0;
+ if (!relative)
+ {
+ int b = components[i++] * 40 + (components.length > 1
+ ? components[i++] : 0);
+ encodeSubId(out, b);
+ }
+ for ( ; i < components.length; i++)
+ encodeSubId(out, components[i]);
+ byte[] oid = out.toByteArray();
+ out.reset();
+ if (relative)
+ out.write(RELATIVE_OID);
+ else
+ out.write(OBJECT_IDENTIFIER);
+ if (oid.length < 128)
+ out.write(oid.length);
+ else if (oid.length < 256)
+ {
+ out.write(0x81);
+ out.write(oid.length);
+ }
+ else if (oid.length < 65536)
+ {
+ out.write(0x82);
+ out.write((oid.length >>> 8) & 0xFF);
+ out.write(oid.length & 0xFF);
+ }
+ else if (oid.length < 16777216)
+ {
+ out.write(0x83);
+ out.write((oid.length >>> 16) & 0xFF);
+ out.write((oid.length >>> 8) & 0xFF);
+ out.write(oid.length & 0xFF);
+ }
+ else
+ {
+ out.write(0x84);
+ out.write((oid.length >>> 24) & 0xFF);
+ out.write((oid.length >>> 16) & 0xFF);
+ out.write((oid.length >>> 8) & 0xFF);
+ out.write(oid.length & 0xFF);
+ }
+ out.write(oid);
+ }
+ catch (IOException ioe)
+ {
+ throw new GSSException(GSSException.FAILURE);
+ }
+ derOid = out.toByteArray();
+ }
+ return (byte[]) derOid.clone();
+ }
+
+ /**
+ * A utility method to test if an Oid object is contained within the
+ * supplied Oid object array.
+ *
+ * @param oids An array of oids to search.
+ * @return True if this oid is contained in the given array.
+ */
+ public boolean containedIn(Oid[] oids)
+ {
+ for (int i = 0; i < oids.length; i++)
+ {
+ if (equals(oids[i]))
+ return true;
+ }
+ return false;
+ }
+
+ public boolean equals(Object o)
+ {
+ if (!(o instanceof Oid))
+ return false;
+ Oid that = (Oid) o;
+ return Arrays.equals(components, that.components);
+ }
+
+ public int hashCode()
+ {
+ int code = 0;
+ for (int i = 0; i < components.length; i++)
+ code += components[i];
+ return code;
+ }
+
+ // Own methods.
+ // -------------------------------------------------------------------------
+
+ private static void encodeSubId(OutputStream out, int id) throws IOException
+ {
+ if (id < 128)
+ {
+ out.write(id);
+ }
+ else if (id < 16384)
+ {
+ out.write((id >>> 7) | 0x80);
+ out.write(id & 0x7F);
+ }
+ else if (id < 2097152)
+ {
+ out.write((id >>> 14) | 0x80);
+ out.write(((id >>> 7) | 0x80) & 0xFF);
+ out.write(id & 0x7F);
+ }
+ else if (id < 268435456)
+ {
+ out.write( (id >>> 21) | 0x80);
+ out.write(((id >>> 14) | 0x80) & 0xFF);
+ out.write(((id >>> 7) | 0x80) & 0xFF);
+ out.write(id & 0x7F);
+ }
+ }
+}