1 /* |
1 /* |
2 * Copyright 2000-2007 Sun Microsystems, Inc. All Rights Reserved. |
2 * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Sun designates this |
7 * published by the Free Software Foundation. Sun designates this |
27 |
27 |
28 import java.math.BigInteger; |
28 import java.math.BigInteger; |
29 import java.util.Collection; |
29 import java.util.Collection; |
30 import java.util.Date; |
30 import java.util.Date; |
31 import java.util.Set; |
31 import java.util.Set; |
|
32 import java.security.GeneralSecurityException; |
32 import java.security.KeyFactory; |
33 import java.security.KeyFactory; |
33 import java.security.PublicKey; |
34 import java.security.PublicKey; |
|
35 import java.security.SignatureException; |
34 import java.security.cert.Certificate; |
36 import java.security.cert.Certificate; |
|
37 import java.security.cert.CertificateExpiredException; |
|
38 import java.security.cert.CertificateNotYetValidException; |
|
39 import java.security.cert.CertPathValidatorException; |
|
40 import java.security.cert.CertPathValidatorException.BasicReason; |
35 import java.security.cert.X509Certificate; |
41 import java.security.cert.X509Certificate; |
36 import java.security.cert.PKIXCertPathChecker; |
42 import java.security.cert.PKIXCertPathChecker; |
37 import java.security.cert.CertPathValidatorException; |
43 import java.security.cert.PKIXReason; |
38 import java.security.cert.TrustAnchor; |
44 import java.security.cert.TrustAnchor; |
39 import java.security.interfaces.DSAParams; |
45 import java.security.interfaces.DSAParams; |
40 import java.security.interfaces.DSAPublicKey; |
46 import java.security.interfaces.DSAPublicKey; |
41 import java.security.spec.DSAPublicKeySpec; |
47 import java.security.spec.DSAPublicKeySpec; |
42 import javax.security.auth.x500.X500Principal; |
48 import javax.security.auth.x500.X500Principal; |
150 if (debug != null) |
156 if (debug != null) |
151 debug.println("---checking " + msg + "..."); |
157 debug.println("---checking " + msg + "..."); |
152 |
158 |
153 try { |
159 try { |
154 cert.verify(prevPubKey, sigProvider); |
160 cert.verify(prevPubKey, sigProvider); |
155 } catch (Exception e) { |
161 } catch (SignatureException e) { |
156 if (debug != null) { |
162 throw new CertPathValidatorException |
157 debug.println(e.getMessage()); |
163 (msg + " check failed", e, null, -1, |
158 e.printStackTrace(); |
164 BasicReason.INVALID_SIGNATURE); |
159 } |
165 } catch (GeneralSecurityException e) { |
160 throw new CertPathValidatorException(msg + " check failed", e); |
166 throw new CertPathValidatorException(msg + " check failed", e); |
161 } |
167 } |
162 |
168 |
163 if (debug != null) |
169 if (debug != null) |
164 debug.println(msg + " verified."); |
170 debug.println(msg + " verified."); |
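Review bot: Narrowing the catch at new lines 161 and 165 from `Exception` to `SignatureException` / `GeneralSecurityException` means any RuntimeException thrown by the signature provider during `cert.verify(prevPubKey, sigProvider)` now escapes the enclosing method unwrapped instead of becoming a CertPathValidatorException, which changes what callers of the checker must be prepared to handle; if that is deliberate, a one-line comment such as `// provider RuntimeExceptions are programming errors and intentionally not wrapped` would record it, otherwise a third `catch (RuntimeException e)` mapping to the reason-less constructor restores the old contract. The same narrowing appears in the hunk at new line 283 (`catch (GeneralSecurityException e)` around `kf.generatePublic`). The new code also drops the `debug.println(e.getMessage())` the old catch emitted, so a failed verification no longer appears in the debug trace even though the cause is still chained into the thrown exception. Note that an InvalidKeyException (key/algorithm mismatch) now lands in the generic branch with no BasicReason, which callers cannot distinguish from other failures; that seems acceptable but is worth stating. The enclosing method's signature is above the hunk.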
174 if (debug != null) |
180 if (debug != null) |
175 debug.println("---checking " + msg + ":" + date.toString() + "..."); |
181 debug.println("---checking " + msg + ":" + date.toString() + "..."); |
176 |
182 |
177 try { |
183 try { |
178 cert.checkValidity(date); |
184 cert.checkValidity(date); |
179 } catch (Exception e) { |
185 } catch (CertificateExpiredException e) { |
180 if (debug != null) { |
186 throw new CertPathValidatorException |
181 debug.println(e.getMessage()); |
187 (msg + " check failed", e, null, -1, BasicReason.EXPIRED); |
182 e.printStackTrace(); |
188 } catch (CertificateNotYetValidException e) { |
183 } |
189 throw new CertPathValidatorException |
184 throw new CertPathValidatorException(msg + " check failed", e); |
190 (msg + " check failed", e, null, -1, BasicReason.NOT_YET_VALID); |
185 } |
191 } |
186 |
192 |
187 if (debug != null) |
193 if (debug != null) |
188 debug.println(msg + " verified."); |
194 debug.println(msg + " verified."); |
189 } |
195 } |
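Review bot: The debug line at new line 181 calls `date.toString()` explicitly inside a string concatenation, which is redundant and, unlike plain concatenation, throws a NullPointerException before `checkValidity` ever runs if `date` is null; `debug.println("---checking " + msg + ":" + date + "...");` reads the same and simply prints "null" in that case. Whether `date` can be null here depends on the constructor, which is outside this hunk. The two new catches cover both checked exceptions `checkValidity(Date)` declares, so the mapping to EXPIRED and NOT_YET_VALID is complete; the method's closing brace is at new line 195 but its signature is above the hunk.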
202 |
208 |
203 X500Principal currIssuer = cert.getIssuerX500Principal(); |
209 X500Principal currIssuer = cert.getIssuerX500Principal(); |
204 // reject null or empty issuer DNs |
210 // reject null or empty issuer DNs |
205 |
211 |
206 if (X500Name.asX500Name(currIssuer).isEmpty()) { |
212 if (X500Name.asX500Name(currIssuer).isEmpty()) { |
207 throw new CertPathValidatorException(msg + " check failed: " + |
213 throw new CertPathValidatorException |
208 "empty/null issuer DN in certificate is invalid"); |
214 (msg + " check failed: " + |
|
215 "empty/null issuer DN in certificate is invalid", null, |
|
216 null, -1, PKIXReason.NAME_CHAINING); |
209 } |
217 } |
210 |
218 |
211 if (!(currIssuer.equals(prevSubject))) { |
219 if (!(currIssuer.equals(prevSubject))) { |
212 throw new CertPathValidatorException(msg + " check failed"); |
220 throw new CertPathValidatorException |
|
221 (msg + " check failed", null, null, -1, |
|
222 PKIXReason.NAME_CHAINING); |
213 } |
223 } |
214 |
224 |
215 if (debug != null) |
225 if (debug != null) |
216 debug.println(msg + " verified."); |
226 debug.println(msg + " verified."); |
217 } |
227 } |
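Review bot: The second NAME_CHAINING throw at new lines 220-222 carries only `msg + " check failed"`, so a name-chaining failure gives no indication of which issuer and subject did not match, whereas the first throw at new lines 214-216 explains its cause; including both names, e.g. `(msg + " check failed: issuer " + currIssuer + " does not match previous subject " + prevSubject, null, null, -1, PKIXReason.NAME_CHAINING)`, makes the new PKIXReason actionable for whoever reads the exception. The DNs are already public certificate contents, so nothing sensitive is added to the message. If any caller matches on the exact message text this would change it, so that should be checked first. The method's signature and the `prevSubject` parameter are above the hunk.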
268 DSAPublicKeySpec ks = new DSAPublicKeySpec(y, |
278 DSAPublicKeySpec ks = new DSAPublicKeySpec(y, |
269 params.getP(), |
279 params.getP(), |
270 params.getQ(), |
280 params.getQ(), |
271 params.getG()); |
281 params.getG()); |
272 usableKey = kf.generatePublic(ks); |
282 usableKey = kf.generatePublic(ks); |
273 } catch (Exception e) { |
283 } catch (GeneralSecurityException e) { |
274 throw new CertPathValidatorException("Unable to generate key with" + |
284 throw new CertPathValidatorException("Unable to generate key with" + |
275 " inherited parameters: " + |
285 " inherited parameters: " + |
276 e.getMessage(), e); |
286 e.getMessage(), e); |
277 } |
287 } |
278 return usableKey; |
288 return usableKey; |