Index: modules/security/src/test/impl/java/org/apache/harmony/security/tests/provider/cert/X509CertImplTest.java =================================================================== --- modules/security/src/test/impl/java/org/apache/harmony/security/tests/provider/cert/X509CertImplTest.java (revision 452371) +++ modules/security/src/test/impl/java/org/apache/harmony/security/tests/provider/cert/X509CertImplTest.java (working copy) @@ -112,6 +112,7 @@ ObjectIdentifier.toIntArray("1.3.6.1.4.1.311.10.3.3"), // MS Server Gated Cryptography ObjectIdentifier.toIntArray("2.16.840.1.113730.4.1"), // Netscape Server Gated Cryptography }); + static NameConstraints nameConstraints; int extnBCLen = 5; static GeneralNames extnSANames; static GeneralNames extnIANames; @@ -127,10 +128,27 @@ new GeneralName(7, "255.255.255.0"), new GeneralName(8, "1.2.3.4444.55555") })); + GeneralSubtrees permittedNames = new GeneralSubtrees() + .addSubtree(new GeneralSubtree( + new GeneralName(1, "rfc@822.Name"), 1, 2)) + .addSubtree(new GeneralSubtree( + new GeneralName(2, "dNSName"))) + .addSubtree(new GeneralSubtree( + new GeneralName(8, "1.2.3.4444.55555"), 2)); + GeneralSubtrees excludedNames = new GeneralSubtrees() + .addSubtree(new GeneralSubtree( + new GeneralName(1, "rfc@822.BadName"), 1, 2)) + .addSubtree(new GeneralSubtree( + new GeneralName(2, "BadDNSName"))) + .addSubtree(new GeneralSubtree( + new GeneralName(8, "2.3.4.4444.222"), 2)); + nameConstraints = + new NameConstraints(permittedNames, excludedNames); } catch (IOException e) { // should not be thrown e.printStackTrace(); extnSANames = new GeneralNames(); + nameConstraints = new NameConstraints(); } extnIANames = extnSANames; 
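Review bot: The catch block in `@@ -127,10 +128,27 @@` now also falls back to `nameConstraints = new NameConstraints();` after `e.printStackTrace()`, so a failure while building the fixture lets the test carry on with an empty Name Constraints extension. The permitted and excluded subtree encoding would then never be exercised, and the run could still pass. Failing fast keeps a broken fixture visible, for example `throw new RuntimeException(e);` in place of the fallback assignments. The same fallback is added in X509CertFactoryPerfTest (`@@ -125,10 +126,27 @@`), and the enclosing initializer starts and ends outside the hunk.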
@@ -162,8 +180,7 @@ new Extension("2.5.29.17", true, new AlternativeName(AlternativeName.SUBJECT, extnSANames)), // Name Constraints - new Extension("2.5.29.30", true, - new NameConstraints().getEncoded()), + new Extension("2.5.29.30", true, nameConstraints), // Policy Constraints new Extension("2.5.29.36", true, new PolicyConstraints(1, 2)), // Extended Key Usage @@ -184,10 +201,13 @@ new AlternativeName(AlternativeName.ISSUER, extnSANames)), // CRL Distribution Points new Extension("2.5.29.31", false, - new ASN1Sequence(new ASN1Type[] {}) { - protected void getValues(Object object, Object[] values) { - } - }.encode(null)), + new CRLDistributionPoints(Arrays.asList(new DistributionPoint[] { + new DistributionPoint( + new DistributionPointName(extnSANames), + new ReasonFlags(extnKeyUsage), + extnSANames + ), + }))), // Authority Key Identifier new Extension("2.5.29.35", false, new AuthorityKeyIdentifier( Index: modules/security/src/test/impl/java/org/apache/harmony/security/tests/provider/cert/X509CertFactoryPerfTest.java =================================================================== --- modules/security/src/test/impl/java/org/apache/harmony/security/tests/provider/cert/X509CertFactoryPerfTest.java (revision 452371) +++ modules/security/src/test/impl/java/org/apache/harmony/security/tests/provider/cert/X509CertFactoryPerfTest.java (working copy) @@ -110,6 +110,7 @@ ObjectIdentifier.toIntArray("1.3.6.1.4.1.311.10.3.3"), // MS Server Gated Cryptography ObjectIdentifier.toIntArray("2.16.840.1.113730.4.1"), // Netscape Server Gated Cryptography }); + static NameConstraints nameConstraints; static int extnBCLen = 5; static GeneralNames extnSANames; static GeneralNames extnIANames; 
@@ -125,10 +126,27 @@ new GeneralName(7, "255.255.255.0"), new GeneralName(8, "1.2.3.4444.55555") })); + GeneralSubtrees permittedNames = new GeneralSubtrees() + .addSubtree(new GeneralSubtree( + new GeneralName(1, "rfc@822.Name"), 1, 2)) + .addSubtree(new GeneralSubtree( + new GeneralName(2, "dNSName"))) + .addSubtree(new GeneralSubtree( + new GeneralName(8, "1.2.3.4444.55555"), 2)); + GeneralSubtrees excludedNames = new GeneralSubtrees() + .addSubtree(new GeneralSubtree( + new GeneralName(1, "rfc@822.BadName"), 1, 2)) + .addSubtree(new GeneralSubtree( + new GeneralName(2, "BadDNSName"))) + .addSubtree(new GeneralSubtree( + new GeneralName(8, "2.3.4.4444.222"), 2)); + nameConstraints = + new NameConstraints(permittedNames, excludedNames); } catch (IOException e) { // should not be thrown e.printStackTrace(); extnSANames = new GeneralNames(); + nameConstraints = new NameConstraints(); } extnIANames = extnSANames; @@ -163,8 +181,7 @@ new Extension("2.5.29.17", true, new AlternativeName(AlternativeName.SUBJECT, extnSANames)), // Name Constraints - new Extension("2.5.29.30", true, - new NameConstraints().getEncoded()), + new Extension("2.5.29.30", true, nameConstraints), // Policy Constraints new Extension("2.5.29.36", true, new PolicyConstraints(1, 2)), // Extended Key Usage 
@@ -183,10 +200,13 @@ new AlternativeName(AlternativeName.ISSUER, extnSANames)), // CRL Distribution Points new Extension("2.5.29.31", false, - new ASN1Sequence(new ASN1Type[] {}) { - protected void getValues(Object object, Object[] values) { - } - }.encode(null)), + new CRLDistributionPoints(Arrays.asList(new DistributionPoint[] { + new DistributionPoint( + new DistributionPointName(extnSANames), + new ReasonFlags(extnKeyUsage), + extnSANames + ), + }))), // Authority Key Identifier new Extension("2.5.29.35", false, new AuthorityKeyIdentifier( Index: modules/security/src/main/java/common/org/apache/harmony/security/x509/PolicyInformation.java =================================================================== --- modules/security/src/main/java/common/org/apache/harmony/security/x509/PolicyInformation.java (revision 452371) +++ modules/security/src/main/java/common/org/apache/harmony/security/x509/PolicyInformation.java (working copy) @@ -22,6 +22,7 @@ package org.apache.harmony.security.x509; +import org.apache.harmony.security.asn1.ASN1Any; import org.apache.harmony.security.asn1.ASN1Oid; import org.apache.harmony.security.asn1.ASN1Sequence; import org.apache.harmony.security.asn1.ASN1Type; @@ -86,7 +87,10 @@ * ASN.1 DER X.509 PolicyInformation encoder/decoder class. */ public static final ASN1Sequence ASN1 = new ASN1Sequence( - new ASN1Type[] { ASN1Oid.getInstance() }) { + new ASN1Type[] { ASN1Oid.getInstance(), ASN1Any.getInstance() }) { + { + setOptional(1); + } protected Object getDecodedObject(BerInputStream in) { Object[] values = (Object[]) in.content; Index: modules/security/src/main/java/common/org/apache/harmony/security/x509/Extension.java =================================================================== --- modules/security/src/main/java/common/org/apache/harmony/security/x509/Extension.java (revision 452371) +++ modules/security/src/main/java/common/org/apache/harmony/security/x509/Extension.java (working copy) 
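Review bot: The second template slot added in PolicyInformation (`@@ -86,7 +87,10 @@`) accepts policyQualifiers as `ASN1Any`, so their content is not structurally checked at decode time. Whether `getDecodedObject` keeps `values[1]` cannot be seen here, because its body continues outside the hunk. If the qualifiers are dropped, an object rebuilt from its fields would re-encode without them. If that is the intent, a comment next to `setOptional(1);` should say so, for example `// policyQualifiers (optional): accepted as opaque ANY, not validated or retained`.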
@@ -91,9 +91,11 @@ // crl extensions: public static final int[] ISSUING_DISTR_POINT = {2, 5, 29, 28}; // crl entry extensions: + public static final int[] CRL_NUMBER = {2, 5, 29, 20}; public static final int[] CERTIFICATE_ISSUER = {2, 5, 29, 29}; public static final int[] INVALIDITY_DATE = {2, 5, 29, 24}; public static final int[] REASON_CODE = {2, 5, 29, 21}; + public static final int[] ISSUING_DISTR_POINTS = {2, 5, 29, 28}; // the value of extnID field of the structure private final int[] extnID; @@ -297,6 +299,8 @@ AlternativeName.SUBJECT, extnValue); } else if (oidEquals(extnID, BASIC_CONSTRAINTS)) { extnValueObject = new BasicConstraints(extnValue); + } else if (oidEquals(extnID, NAME_CONSTRAINTS)) { + extnValueObject = NameConstraints.decode(extnValue); } else if (oidEquals(extnID, CERTIFICATE_POLICIES)) { extnValueObject = CertificatePolicies.decode(extnValue); } else if (oidEquals(extnID, AUTH_KEY_ID)) { 
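Review bot: `ISSUING_DISTR_POINTS` in `@@ -91,9 +91,11 @@` duplicates the existing `ISSUING_DISTR_POINT` shown in the context lines above it; both are `{2, 5, 29, 28}`. Two public names for one OID invite inconsistent use, so the new constant should go and the new branch in `@@ -309,8 +313,18 @@` should read `oidEquals(extnID, ISSUING_DISTR_POINT)`. `CRL_NUMBER` is added under `// crl entry extensions:` although CRL Number (2.5.29.20) is a CRL extension, so it belongs under `// crl extensions:` next to `ISSUING_DISTR_POINT`.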
@@ -309,8 +313,18 @@ extnValueObject = new InhibitAnyPolicy(extnValue); } else if (oidEquals(extnID, CERTIFICATE_ISSUER)) { extnValueObject = new CertificateIssuer(extnValue); + } else if (oidEquals(extnID, CRL_DISTR_POINTS)) { + extnValueObject = CRLDistributionPoints.decode(extnValue); } else if (oidEquals(extnID, CERTIFICATE_ISSUER)) { extnValueObject = new ReasonCode(extnValue); + } else if (oidEquals(extnID, INVALIDITY_DATE)) { + extnValueObject = new InvalidityDate(extnValue); + } else if (oidEquals(extnID, REASON_CODE)) { + extnValueObject = new ReasonCode(extnValue); + } else if (oidEquals(extnID, CRL_NUMBER)) { + extnValueObject = new CRLNumber(extnValue); + } else if (oidEquals(extnID, ISSUING_DISTR_POINTS)) { + extnValueObject = IssuingDistributionPoint.decode(extnValue); } } Index: modules/security/src/main/java/common/org/apache/harmony/security/x509/CRLDistributionPoints.java =================================================================== --- modules/security/src/main/java/common/org/apache/harmony/security/x509/CRLDistributionPoints.java (revision 452371) +++ modules/security/src/main/java/common/org/apache/harmony/security/x509/CRLDistributionPoints.java (working copy) @@ -22,7 +22,8 @@ package org.apache.harmony.security.x509; -import java.util.ArrayList; +import java.io.IOException; +import java.util.Iterator; import java.util.Collection; import java.util.List; @@ -33,7 +34,7 @@ /** * The class incapsulates the ASN.1 DER encoding/decoding work - * with the CRL Distribution Points which is the part of X.509 CRL + * with the CRL Distribution Points which is the part of X.509 Certificate * (as specified in RFC 3280 - * Internet X.509 Public Key Infrastructure. * Certificate and Certificate Revocation List (CRL) Profile. 
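Review bot: The context branch `} else if (oidEquals(extnID, CERTIFICATE_ISSUER)) { extnValueObject = new ReasonCode(extnValue);` is left in place between the new `CRL_DISTR_POINTS` and `INVALIDITY_DATE` branches. It repeats the condition of the branch two above it, so it can never run, and it pairs the wrong OID with `ReasonCode`. Now that the commit adds a correct `REASON_CODE` branch, the stale one should be deleted so the chain has one branch per OID. The if/else chain starts outside the hunk.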
@@ -94,7 +95,13 @@ } return encoding; } - + + public static CRLDistributionPoints decode(byte[] encoding) + throws IOException { + CRLDistributionPoints cdp = (CRLDistributionPoints) ASN1.decode(encoding); + return cdp; + } + /** * Custom X.509 decoder. */ @@ -108,9 +115,7 @@ public Collection getValues(Object object) { CRLDistributionPoints dps = (CRLDistributionPoints) object; - return (dps.distributionPoints == null) - ? new ArrayList() - : dps.distributionPoints; + return dps.distributionPoints; } }; } Index: modules/security/src/main/java/common/org/apache/harmony/security/x509/AlternativeName.java =================================================================== --- modules/security/src/main/java/common/org/apache/harmony/security/x509/AlternativeName.java (revision 452371) +++ modules/security/src/main/java/common/org/apache/harmony/security/x509/AlternativeName.java (working copy) 
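Review bot: The new public `decode(byte[])` in `@@ -94,7 +95,13 @@` has no Javadoc, so callers are not told what happens on malformed input; the same applies to `NameConstraints.decode` added in `@@ -113,6 +113,10 @@`. A suggested comment is `/** Decodes a DER-encoded CRL Distribution Points extension value; throws IOException if the encoding is malformed. */`. The local `cdp` is unnecessary, and `return (CRLDistributionPoints) ASN1.decode(encoding);` would match the NameConstraints version.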
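Review bot: `getValues` in `@@ -108,9 +115,7 @@` now returns `dps.distributionPoints` without the null fallback, so an instance whose list was never set would pass `null` to the sequence-of encoder. Whether that can happen depends on the constructors, which are outside the hunk. If a null list is still possible, either keep the guard or reject it at construction, for example `if (distributionPoints == null || distributionPoints.isEmpty()) throw new IllegalArgumentException("distributionPoints is empty");`. RFC 3280 defines this extension as `SEQUENCE SIZE (1..MAX)`, so rejecting an empty list is the stricter and more consistent choice.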
@@ -86,16 +86,11 @@ * Places the string representation of extension value * into the StringBuffer object. */ - public void dumpValue(StringBuffer buffer) { - buffer.append((which) ? "Subject" : "Issuer") - .append(" Alternative Names [\n"); - for (Iterator it=alternativeNames.generalNames.iterator(); - it.hasNext();) { - buffer.append(" "); - buffer.append(it.next()); - buffer.append("\n"); - } - buffer.append("]\n"); + public void dumpValue(StringBuffer buffer, String prefix) { + buffer.append(prefix).append((which) ? "Subject" : "Issuer") //$NON-NLS-1$ //$NON-NLS-2$ + .append(" Alternative Names [\n"); //$NON-NLS-1$ + alternativeNames.dumpValue(buffer, prefix + " "); //$NON-NLS-1$ + buffer.append(prefix).append("]\n"); //$NON-NLS-1$ } } Index: modules/security/src/main/java/common/org/apache/harmony/security/x509/GeneralSubtrees.java =================================================================== --- modules/security/src/main/java/common/org/apache/harmony/security/x509/GeneralSubtrees.java (revision 452371) +++ modules/security/src/main/java/common/org/apache/harmony/security/x509/GeneralSubtrees.java (working copy) @@ -80,12 +80,13 @@ * @param subtree: GeneralSubtree * @return */ - public void addSubtree(GeneralSubtree subtree) { + public GeneralSubtrees addSubtree(GeneralSubtree subtree) { encoding = null; if (generalSubtrees == null) { generalSubtrees = new ArrayList(); } generalSubtrees.add(subtree); + return this; } /** Index: modules/security/src/main/java/common/org/apache/harmony/security/x509/GeneralNames.java =================================================================== --- modules/security/src/main/java/common/org/apache/harmony/security/x509/GeneralNames.java (revision 452371) +++ modules/security/src/main/java/common/org/apache/harmony/security/x509/GeneralNames.java (working copy) 
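Review bot: `dumpValue(StringBuffer)` in AlternativeName is replaced rather than overloaded, so any caller or superclass hook that still uses the one-argument form no longer reaches this implementation. ExtensionValue is not part of this diff, so this is unverified. If the base class does not already forward to the two-argument form, keep a delegate: `public void dumpValue(StringBuffer buffer) { dumpValue(buffer, ""); }`. The rewritten body no longer uses `Iterator`, so its import in this file may now be unused.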
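Review bot: The Javadoc above `addSubtree` in `@@ -80,12 +80,13 @@` still has an empty `@return` tag, while the method now returns a value. It should be filled in, for example `@return this GeneralSubtrees instance, so calls can be chained`. The parameter line `@param subtree: GeneralSubtree` would read better as `@param subtree the GeneralSubtree to add`.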
@@ -51,7 +51,7 @@ public class GeneralNames { // the values of GeneralName - protected List generalNames; + private List generalNames; // the ASN.1 encoded form of GeneralNames private byte[] encoding; @@ -150,6 +150,21 @@ } /** + * Places the string representation of extension value + * into the StringBuffer object. + */ + public void dumpValue(StringBuffer buffer, String prefix) { + if (generalNames == null) { + return; + } + for (Iterator it=generalNames.iterator(); it.hasNext();) { + buffer.append(prefix); + buffer.append(it.next()); + buffer.append('\n'); + } + } + + /** * ASN.1 DER X.509 GeneralNames encoder/decoder class. */ public static final ASN1Type ASN1 = new ASN1SequenceOf(GeneralName.ASN1) { Index: modules/security/src/main/java/common/org/apache/harmony/security/x509/NameConstraints.java =================================================================== --- modules/security/src/main/java/common/org/apache/harmony/security/x509/NameConstraints.java (revision 452371) +++ modules/security/src/main/java/common/org/apache/harmony/security/x509/NameConstraints.java (working copy) @@ -57,7 +57,7 @@ * @see org.apache.harmony.security.x509.GeneralSubtree * @see org.apache.harmony.security.x509.GeneralName */ -public class NameConstraints { +public class NameConstraints extends ExtensionValue { // the value of permittedSubtrees field of the structure private final GeneralSubtrees permittedSubtrees; @@ -113,6 +113,10 @@ this(permittedSubtrees, excludedSubtrees); this.encoding = encoding; } + + public static NameConstraints decode(byte[] encoding) throws IOException { + return (NameConstraints) ASN1.decode(encoding); + } /** * Returns ASN.1 encoded form of this X.509 NameConstraints value. @@ -267,7 +271,7 @@ } return true; } - + /** * X.509 NameConstraints encoder/decoder. */
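Review bot: The Javadoc on the new `GeneralNames.dumpValue` in `@@ -150,6 +150,21 @@` is copied from the extension classes and calls the output an "extension value", but this class is a list of names, not an extension. It also omits that nothing is appended when `generalNames` is null. A suggested replacement is `Appends each GeneralName on its own line, preceded by prefix; appends nothing if the list is null.` No import hunk for `java.util.Iterator` appears for this file, so it is presumably already imported.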
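Review bot: After `@@ -57,7 +57,7 @@` makes `NameConstraints` an `ExtensionValue`, the class still assigns its own `encoding` field (`this.encoding = encoding;` in the context of the next hunk). ExtensionValue is not shown, so whether it also declares an `encoding` field or a `getEncoded()` that reads one is unverified. If it does, the two can diverge, and `Extension` might serialize bytes that differ from what `NameConstraints.getEncoded()` returns. Since the tests mark this extension critical, it is worth confirming that only one field backs the encoded form, and adding a short comment on the field stating which one it is.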