From: <ed...@mx...> - 2003-02-04 13:13:58
|
edwin 03/02/04 08:22:03 Modified: openpgp/src/cryptix/openpgp/provider PGPCertificateImpl.java Log: Parse the signature subpackets on demand. Revision Changes Path 1.3 +26 -4 projects/openpgp/src/cryptix/openpgp/provider/PGPCertificateImpl.java Index: PGPCertificateImpl.java =================================================================== RCS file: /home/cryptix-cvs/cvsroot/projects/openpgp/src/cryptix/openpgp/provider/PGPCertificateImpl.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- PGPCertificateImpl.java 3 Feb 2003 15:04:00 -0000 1.2 +++ PGPCertificateImpl.java 4 Feb 2003 13:22:03 -0000 1.3 @@ -1,4 +1,4 @@ -/* $Id: PGPCertificateImpl.java,v 1.2 2003/02/03 15:04:00 edwin Exp $ +/* $Id: PGPCertificateImpl.java,v 1.3 2003/02/04 13:22:03 edwin Exp $ * * Copyright (C) 1999-2001 The Cryptix Foundation Limited. * All rights reserved. @@ -14,6 +14,7 @@ import cryptix.openpgp.PGPCertificate; import cryptix.openpgp.PGPDataFormatException; +import cryptix.openpgp.PGPFatalDataFormatException; import cryptix.openpgp.PGPKey; import cryptix.openpgp.PGPPrincipal; import cryptix.openpgp.PGPPublicKey; @@ -32,6 +33,7 @@ import cryptix.openpgp.signature.PGPBooleanSP; import cryptix.openpgp.signature.PGPDateSP; import cryptix.openpgp.signature.PGPKeyFlagsSP; +import cryptix.openpgp.signature.PGPKeyIDSP; import cryptix.openpgp.signature.PGPNotationDataSP; import cryptix.openpgp.signature.PGPSignatureSubPacket; import cryptix.openpgp.signature.PGPStringSP; @@ -68,7 +70,7 @@ * An OpenPGP Certificate. * * @author Edwin Woudt <ed...@cr...> - * @version $Revision: 1.2 $ + * @version $Revision: 1.3 $ */ public class PGPCertificateImpl extends PGPCertificate { 
@@ -136,13 +138,13 @@ PGPPrincipal subject, PGPPublicKey key) { super("OpenPGP"); + this.pkt = pkt; this.subject = subject; this.key = key; } - // Methods from java.security.cert.Certificate // and cryptix.pki.ExtendedCertificate // .......................................................................... @@ -386,10 +388,29 @@ } + private boolean parsed = false; + + /** Helper method to parse the signature subpackets if necessairy */ + private void parse() + throws CertificateParsingException + { + try { + if (parsed) return; + if (pkt.getVersion() > 3) pkt.parseSignatureSubPackets(); + parsed = true; + } catch (PGPDataFormatException pdfe) { + throw new CertificateParsingException(""+pdfe); + } catch (PGPFatalDataFormatException pfdfe) { + throw new CertificateParsingException(""+pfdfe); + } + } + + /** helper method for getting hashed packets */ private PGPSignatureSubPacket getPacket(byte ID) throws CertificateParsingException { + parse(); if (pkt.getVersion() == 3) return null; if (pkt.getVersion() != 4) { throw new CertificateParsingException( @@ -434,6 +455,7 @@ private PGPSignatureSubPacket getUnhashedPacket(byte ID) throws CertificateParsingException { + parse(); if (pkt.getVersion() == 3) return null; if (pkt.getVersion() != 4) { throw new CertificateParsingException( @@ -756,7 +778,7 @@ if (sp == null) { cachedIssuerKeyID = null; } else { - byte[] keyid = ((PGPByteArraySP)sp).getValue(); + byte[] keyid = ((PGPKeyIDSP)sp).getValue(); cachedIssuerKeyID = new PGPKeyIDImpl(null, keyid, 4); } |
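Review bot: `parse()` calls `pkt.parseSignatureSubPackets()` for every version above 3, and both `getPacket` (this hunk) and `getUnhashedPacket` (next hunk) now call `parse();` before their own `pkt.getVersion() != 4` rejection. A packet claiming version 5 or higher therefore has its subpacket area parsed as if it were V4 before it is refused. Narrowing the guard to `if (pkt.getVersion() == 4) pkt.parseSignatureSubPackets();`, or moving the `parse();` call below the version checks, keeps unsupported input away from the parser. The `parsed` flag is also read and written without synchronisation, which matters only if certificate objects are shared between threads; that cannot be judged from this hunk. The bodies of both callers continue outside the hunks.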
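Review bot: The array returned by `((PGPKeyIDSP)sp).getValue()` goes straight into `new PGPKeyIDImpl(null, keyid, 4)` with no length check in this hunk. The PGPKeyIDImpl constructor (rev 1.3, committed the same day) throws `IllegalArgumentException` unless a key ID is 4 or 8 bytes. Unless PGPKeyIDSP already enforces that length when it parses the subpacket, a malformed issuer subpacket would surface as an unchecked exception rather than the `CertificateParsingException` that callers of this class handle. A guard such as `if (keyid.length != 8) throw new CertificateParsingException("Invalid issuer key ID length");` before the constructor call would keep the failure in the parsing path. The enclosing method starts and ends outside the hunk, so its declared exceptions should be confirmed.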
From: <ed...@mx...> - 2003-02-04 13:12:22
|
edwin 03/02/04 08:20:26 Modified: openpgp/src/cryptix/openpgp/provider PGPKeyIDImpl.java Log: Bytes instead of bits. Oops! Revision Changes Path 1.3 +6 -6 projects/openpgp/src/cryptix/openpgp/provider/PGPKeyIDImpl.java Index: PGPKeyIDImpl.java =================================================================== RCS file: /home/cryptix-cvs/cvsroot/projects/openpgp/src/cryptix/openpgp/provider/PGPKeyIDImpl.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- PGPKeyIDImpl.java 23 Aug 2001 22:24:38 -0000 1.2 +++ PGPKeyIDImpl.java 4 Feb 2003 13:20:25 -0000 1.3 @@ -1,4 +1,4 @@ -/* $Id: PGPKeyIDImpl.java,v 1.2 2001/08/23 22:24:38 edwin Exp $ +/* $Id: PGPKeyIDImpl.java,v 1.3 2003/02/04 13:20:25 edwin Exp $ * * Copyright (C) 1999-2001 The Cryptix Foundation Limited. * All rights reserved. @@ -31,7 +31,7 @@ * An OpenPGP KeyID. * * @author Edwin Woudt <ed...@cr...> - * @version $Revision: 1.2 $ + * @version $Revision: 1.3 $ */ public class PGPKeyIDImpl extends KeyID { @@ -112,7 +112,7 @@ if (hash != null) { - if (hash.length != 160) + if (hash.length != 20) throw new IllegalArgumentException( "Hash length should be 160 bits"); @@ -120,7 +120,7 @@ } else { - if ((keyid.length != 64) && (keyid.length != 32)) + if ((keyid.length != 8) && (keyid.length != 4)) throw new IllegalArgumentException( "KeyID length should be 32 or 64 bits"); @@ -133,7 +133,7 @@ throw new IllegalArgumentException( "keyid should not be null for V3"); - if ((keyid.length != 64) && (keyid.length != 32)) + if ((keyid.length != 8) && (keyid.length != 4)) throw new IllegalArgumentException( "KeyID length should be 32 or 64 bits"); @@ -141,7 +141,7 @@ if (hash != null) { - if (hash.length != 128) + if (hash.length != 16) throw new IllegalArgumentException( "Hash length should be 128 bits"); |
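Review bot: The corrected literals `20`, `8`, `4` and `16` are byte counts, but every message next to them still speaks only in bits (`"Hash length should be 160 bits"`). That mismatch is what let the original bits-for-bytes slip through. This applies to all four hunks (-112, -120, -133 and -141). A short comment at each check, e.g. `// 160 bits = 20 bytes`, or named constants for the four lengths would make the unit explicit. Reporting the rejected length as well, `"Hash length should be 160 bits, got " + (hash.length * 8)`, would make a bad caller easier to diagnose. The constructor body continues outside the hunks.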
From: <ed...@mx...> - 2003-02-03 14:56:01
|
edwin 03/02/03 10:04:00 Modified: openpgp CHANGELOG.TXT openpgp/src/cryptix/openpgp PGPCertificate.java openpgp/src/cryptix/openpgp/provider PGPCertificateImpl.java PGPKeyBundleImpl.java Added: openpgp/src/cryptix/pki ExtendedCertificate.java Log: - API change: added cryptix.pki.ExtendedCertificate, which adds a few common methods for certificates. New additions are: the ability to check if a certificate is self signed and the ability to verify the cert with a keybundle. Revision Changes Path 1.14 +6 -0 projects/openpgp/CHANGELOG.TXT Index: CHANGELOG.TXT =================================================================== RCS file: /home/cryptix-cvs/cvsroot/projects/openpgp/CHANGELOG.TXT,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- CHANGELOG.TXT 31 Jan 2003 00:56:28 -0000 1.13 +++ CHANGELOG.TXT 3 Feb 2003 15:04:00 -0000 1.14 @@ -1,3 +1,9 @@ +???????? snapshot +- API change: added cryptix.pki.ExtendedCertificate, which adds a few common + methods for certificates. New additions are: the ability to check if a + certificate is self signed and the ability to verify the cert with a + keybundle. + 20030131 snapshot - Added support for encryption with keys without subkeys (like legacy RSA keys). - Fixed a bug with a PGPDataFormatException("Read tried past end of packet") 1.2 +4 -33 projects/openpgp/src/cryptix/openpgp/PGPCertificate.java Index: PGPCertificate.java =================================================================== RCS file: /home/cryptix-cvs/cvsroot/projects/openpgp/src/cryptix/openpgp/PGPCertificate.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- PGPCertificate.java 4 Aug 2001 04:18:23 -0000 1.1 +++ PGPCertificate.java 3 Feb 2003 15:04:00 -0000 1.2 
@@ -1,6 +1,6 @@ -/* $Id: PGPCertificate.java,v 1.1 2001/08/04 04:18:23 edwin Exp $ +/* $Id: PGPCertificate.java,v 1.2 2003/02/03 15:04:00 edwin Exp $ * - * Copyright (C) 1999-2001 The Cryptix Foundation Limited. + * Copyright (C) 1999-2003 The Cryptix Foundation Limited. * All rights reserved. * * Use, modification, copying and distribution of this software is subject @@ -12,11 +12,9 @@ package cryptix.openpgp; +import cryptix.pki.ExtendedCertificate; import cryptix.pki.KeyID; -import java.security.cert.Certificate; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateNotYetValidException; import java.security.cert.CertificateParsingException; import java.util.Date; @@ -28,9 +26,9 @@ * * @author Edwin Woudt <ed...@cr...> * @author Ingo Luetkebohle - * @version $Revision: 1.1 $ + * @version $Revision: 1.2 $ */ -public abstract class PGPCertificate extends Certificate { +public abstract class PGPCertificate extends ExtendedCertificate { // Constructor 
@@ -49,33 +47,6 @@ // Added abstract methods // .......................................................................... - - /** - * Returns the userID for which this certificate was issued. - */ - public abstract PGPPrincipal getSubject(); - - - /** - * Checks if this certificate is currently valid. - * - * <p>A certificate is valid if date is on or after the creation date and - * before the expiration date (when available).</p> - */ - public abstract void checkValidity() - throws CertificateExpiredException, CertificateNotYetValidException, - CertificateParsingException; - - - /** - * Checks if this certificate is valid on a given date. - * - * <p>A certificate is valid if date is on or after the creation date and - * before the expiration date (when available).</p> - */ - public abstract void checkValidity(Date date) - throws CertificateExpiredException, CertificateNotYetValidException, - CertificateParsingException; /** * Returns the creation date and time. 1.2 +56 -3 projects/openpgp/src/cryptix/openpgp/provider/PGPCertificateImpl.java Index: PGPCertificateImpl.java =================================================================== RCS file: /home/cryptix-cvs/cvsroot/projects/openpgp/src/cryptix/openpgp/provider/PGPCertificateImpl.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- PGPCertificateImpl.java 7 Aug 2001 05:14:59 -0000 1.1 +++ PGPCertificateImpl.java 3 Feb 2003 15:04:00 -0000 1.2 @@ -1,4 +1,4 @@ -/* $Id: PGPCertificateImpl.java,v 1.1 2001/08/07 05:14:59 edwin Exp $ +/* $Id: PGPCertificateImpl.java,v 1.2 2003/02/03 15:04:00 edwin Exp $ * * Copyright (C) 1999-2001 The Cryptix Foundation Limited. * All rights reserved. @@ -37,7 +37,9 @@ import cryptix.openpgp.signature.PGPStringSP; import cryptix.openpgp.signature.PGPTrustSP; +import cryptix.pki.KeyBundle; import cryptix.pki.KeyID; +import cryptix.pki.KeyIDFactory; import java.io.ByteArrayOutputStream; import java.io.IOException; 
@@ -47,6 +49,7 @@ import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; +import java.security.Principal; import java.security.PublicKey; import java.security.SignatureException; @@ -65,7 +68,7 @@ * An OpenPGP Certificate. * * @author Edwin Woudt <ed...@cr...> - * @version $Revision: 1.1 $ + * @version $Revision: 1.2 $ */ public class PGPCertificateImpl extends PGPCertificate { @@ -119,6 +122,9 @@ private boolean hasCachedIssuerUserID; private PGPPrincipal cachedIssuerUserID; + private boolean hasCachedPublicKeyID; + private KeyID cachedPublicKeyID; + // Constructor // .......................................................................... @@ -137,7 +143,8 @@ -// Methods from java.security.cert.ertificate +// Methods from java.security.cert.Certificate +// and cryptix.pki.ExtendedCertificate // .......................................................................... /** @@ -305,6 +312,29 @@ } + /** + * Verifies that this certificate was signed using the specified keybundle. + */ + public void verify(KeyBundle bundle) + throws CertificateException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, SignatureException + { + verify((PublicKey)bundle.getPublicKeys().next()); + } + + + /** + * Returns whether the certificate is self signed + */ + public boolean isSelfSigned() + throws CertificateException + { + if (getIssuerKeyID().match(getPublicKeyID())) + return true; + return false; + } + + // Methods from cryptix.openpgp.PGPCertificate // .......................................................................... @@ -313,7 +343,7 @@ /** * Returns the userID for which this certificate was issued. */ - public PGPPrincipal getSubject() { + public Principal getSubject() { return subject; } 
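Review bot: `isSelfSigned()` in the -305 hunk decides purely by comparing key IDs (`getIssuerKeyID().match(getPublicKeyID())`) and never checks the signature, so it reports what the certificate claims about its issuer rather than anything verified. The Javadoc here and on the abstract declaration in ExtendedCertificate.java should say so, for example `Compares the issuer and public key IDs only; call verify() before relying on the result.` The call also dereferences `getIssuerKeyID()` unguarded, and context lines elsewhere in this file show `cachedIssuerKeyID = null` when the subpacket is absent, so a certificate without an issuer key ID would presumably end in a NullPointerException; `KeyID issuer = getIssuerKeyID(); return issuer != null && issuer.match(getPublicKeyID());` avoids that. In the same hunk `verify(KeyBundle)` takes `bundle.getPublicKeys().next()` with no `hasNext()` check and only ever tries the first key in the bundle, which the Javadoc should state.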
@@ -740,6 +770,29 @@ } + /** + * Returns the keyID of the public key from this certificate. + */ + public KeyID getPublicKeyID() + throws CertificateParsingException + { + try { + + if (hasCachedPublicKeyID) return cachedPublicKeyID; + + KeyIDFactory kf = KeyIDFactory.getInstance("OpenPGP"); + cachedPublicKeyID = kf.generateKeyID(key); + + hasCachedPublicKeyID = true; + return cachedPublicKeyID; + + } catch (InvalidKeyException ike) { + throw new CertificateParsingException(""+ike); + } catch (NoSuchAlgorithmException nsae) { + throw new CertificateParsingException(""+nsae); + } + } + /** Helper method to cache the notation data */ private void cacheNotationData() { cachedMachineReadableNotationData = new Properties(); 1.2 +2 -2 projects/openpgp/src/cryptix/openpgp/provider/PGPKeyBundleImpl.java Index: PGPKeyBundleImpl.java =================================================================== RCS file: /home/cryptix-cvs/cvsroot/projects/openpgp/src/cryptix/openpgp/provider/PGPKeyBundleImpl.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- PGPKeyBundleImpl.java 7 Aug 2001 05:15:35 -0000 1.1 +++ PGPKeyBundleImpl.java 3 Feb 2003 15:04:00 -0000 1.2 @@ -1,4 +1,4 @@ -/* $Id: PGPKeyBundleImpl.java,v 1.1 2001/08/07 05:15:35 edwin Exp $ +/* $Id: PGPKeyBundleImpl.java,v 1.2 2003/02/03 15:04:00 edwin Exp $ * * Copyright (C) 1999-2001 The Cryptix Foundation Limited. * All rights reserved. @@ -67,7 +67,7 @@ * * @author Edwin Woudt <ed...@cr...> * @author Ingo Luetkebohle - * @version $Revision: 1.1 $ + * @version $Revision: 1.2 $ */ public class PGPKeyBundleImpl extends PGPKeyBundle { 
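Review bot: Both catch blocks in `getPublicKeyID()` flatten the original exception into a string (`new CertificateParsingException(""+ike)`), so the stack trace of the real failure is lost to whoever handles the parsing error. If the project can rely on JDK 1.4, `initCause` keeps it: `CertificateParsingException cpe = new CertificateParsingException(ike.toString()); cpe.initCause(ike); throw cpe;`. A missing "OpenPGP" KeyIDFactory is a provider-configuration problem rather than a malformed certificate, so reporting `NoSuchAlgorithmException` as a parsing error may mislead callers. Saying so in the message would help.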
@@ -406,7 +406,7 @@ return false; } - PGPPrincipal subject = ((PGPCertificate)cert).getSubject(); + Principal subject = ((PGPCertificate)cert).getSubject(); Vector mapping = (Vector)principalsToCertificates.get(subject); mapping.remove(cert); certificates.remove(cert); 1.1 projects/openpgp/src/cryptix/pki/ExtendedCertificate.java Index: ExtendedCertificate.java =================================================================== /* $Id: ExtendedCertificate.java,v 1.1 2003/02/03 15:04:00 edwin Exp $ * * Copyright (C) 1999-2003 The Cryptix Foundation Limited. * All rights reserved. * * Use, modification, copying and distribution of this software is subject * the terms and conditions of the Cryptix General Licence. You should have * received a copy of the Cryptix General License along with this library; * if not, you can download a copy from http://www.cryptix.org/ . */ package cryptix.pki; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.Principal; import java.security.SignatureException; import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.CertificateExpiredException; import java.security.cert.CertificateNotYetValidException; import java.security.cert.CertificateParsingException; import java.util.Date; /** * Extensions for java.security.cert.Certificate, which are common to all * certificates. */ public abstract class ExtendedCertificate extends Certificate { // Constructor // .......................................................................... /** * Create a new Certificate object with the given type. */ protected ExtendedCertificate(String type) { super(type); } // Added abstract methods // .......................................................................... /** * Returns the userID for which this certificate was issued. 
*/ public abstract Principal getSubject(); /** * Checks if this certificate is currently valid. * * <p>A certificate is valid if date is on or after the creation date and * before the expiration date (when available).</p> */ public abstract void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException, CertificateParsingException; /** * Checks if this certificate is valid on a given date. * * <p>A certificate is valid if date is on or after the creation date and * before the expiration date (when available).</p> */ public abstract void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException, CertificateParsingException; /** * Returns whether the certificate is self signed */ public abstract boolean isSelfSigned() throws CertificateException; /** * Verifies that this certificate was signed using the specified keybundle. */ public abstract void verify(KeyBundle bundle) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException; } |
From: <gel...@mx...> - 2003-02-03 10:39:27
|
gelderen 03/02/03 05:47:11 Modified: jce/doc README.TXT Log: Add note that JCE works without Unlimited Strength Jurisdiction Policy Files, albeit restricted. Revision Changes Path 1.8 +5 -1 projects/jce/doc/README.TXT Index: README.TXT =================================================================== RCS file: /home/cryptix-cvs/cvsroot/projects/jce/doc/README.TXT,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- README.TXT 25 Jun 2001 15:38:19 -0000 1.7 +++ README.TXT 3 Feb 2003 10:47:11 -0000 1.8 @@ -105,7 +105,11 @@ JDK 1.4 (Java 2 version 1.4) - You must have the "Java Cryptography Extension (JCE) Unlimited Strength + Cryptix JCE works out-of-the-box on JDK 1.4 but its functionality is + restricted to the what Sun allows trough their Jurisdiction Policy Files. + + If you require using Cryptix without any restrictions whatsoever, + you must have the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" installed. At the time of writing they can be found at: http://java.sun.com/j2se/1.4/ . |