Merge "sun.security.provider.X509Factory: port from jdk8u560 and comm…
…ent out unused code"
Sergio Giro authored and Gerrit Code Review committed Dec 6, 2016
2 parents 7b0b51c + 434f8eb commit 813c124
Showing 1 changed file with 76 additions and 24 deletions.
100 changes: 76 additions & 24 deletions ojluni/src/main/java/sun/security/provider/X509Factory.java
Expand Up @@ -25,18 +25,24 @@

package sun.security.provider;

/* BEGIN android-removed
import java.io.*;
import java.util.*;
* END android-removed */
import java.security.cert.*;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CRLImpl;
/* BEGIN android-removed
import sun.security.pkcs.PKCS7;
import sun.security.provider.certpath.X509CertPath;
import sun.security.provider.certpath.X509CertificatePair;
import sun.security.util.DerValue;
* END android-removed */
import sun.security.util.Cache;
import sun.misc.BASE64Decoder;
/* BEGIN android-removed
import java.util.Base64;
import sun.security.pkcs.ParsingException;
* END android-removed */

/**
* This class defines a certificate factory for X.509 v3 certificates &
Expand All @@ -57,10 +63,15 @@
* @see sun.security.x509.X509CRLImpl
*/

public class X509Factory extends CertificateFactorySpi {
// BEGIN android-changed
// Was: public class X509Factory extends CertificateFactorySpi {
public class X509Factory {
// END android-changed

/* BEGIN android-removed
public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
public static final String END_CERT = "-----END CERTIFICATE-----";
* END android-removed */

private static final int ENC_MAX_LENGTH = 4096 * 1024; // 4 MB MAX

Expand All @@ -69,6 +80,7 @@ public class X509Factory extends CertificateFactorySpi {
private static final Cache<Object, X509CRLImpl> crlCache
= Cache.newSoftMemoryCache(750);

/* BEGIN android-removed
/**
* Generates an X.509 certificate object and initializes it with
* the data read from the input stream <code>is</code>.
Expand All @@ -79,7 +91,7 @@ public class X509Factory extends CertificateFactorySpi {
* from the input stream.
*
* @exception CertificateException on parsing errors.
*/
*
@Override
public Certificate engineGenerateCertificate(InputStream is)
throws CertificateException
Expand Down Expand Up @@ -112,7 +124,7 @@ public Certificate engineGenerateCertificate(InputStream is)
/**
* Read from the stream until length bytes have been read or EOF has
* been reached. Return the number of bytes actually read.
*/
*
private static int readFully(InputStream in, ByteArrayOutputStream bout,
int length) throws IOException {
int read = 0;
Expand All @@ -128,6 +140,7 @@ private static int readFully(InputStream in, ByteArrayOutputStream bout,
}
return read;
}
* END android-removed */

/**
* Return an interned X509CertImpl for the given certificate.
Expand Down Expand Up @@ -231,6 +244,7 @@ private static synchronized <V> void addToCache(Cache<Object, V> cache,
cache.put(key, value);
}

/* BEGIN android-removed
/**
* Generates a <code>CertPath</code> object and initializes it with
* the data read from the <code>InputStream</code> inStream. The data
Expand All @@ -241,7 +255,7 @@ private static synchronized <V> void addToCache(Cache<Object, V> cache,
* <code>InputStream</code>
* @exception CertificateException if an exception occurs while decoding
* @since 1.4
*/
*
@Override
public CertPath engineGenerateCertPath(InputStream inStream)
throws CertificateException
Expand Down Expand Up @@ -273,7 +287,7 @@ public CertPath engineGenerateCertPath(InputStream inStream)
* @exception CertificateException if an exception occurs while decoding or
* the encoding requested is not supported
* @since 1.4
*/
*
@Override
public CertPath engineGenerateCertPath(InputStream inStream,
String encoding) throws CertificateException
Expand Down Expand Up @@ -306,7 +320,7 @@ public CertPath engineGenerateCertPath(InputStream inStream,
* certificates
* @exception CertificateException if an exception occurs
* @since 1.4
*/
*
@Override
public CertPath
engineGenerateCertPath(List<? extends Certificate> certificates)
Expand All @@ -326,7 +340,7 @@ public CertPath engineGenerateCertPath(InputStream inStream,
* @return an <code>Iterator</code> over the names of the supported
* <code>CertPath</code> encodings (as <code>String</code>s)
* @since 1.4
*/
*
@Override
public Iterator<String> engineGetCertPathEncodings() {
return(X509CertPath.getEncodingsStatic());
Expand All @@ -342,7 +356,7 @@ public Iterator<String> engineGetCertPathEncodings() {
* initialized with the data from the input stream.
*
* @exception CertificateException on parsing errors.
*/
*
@Override
public Collection<? extends java.security.cert.Certificate>
engineGenerateCertificates(InputStream is)
Expand All @@ -368,7 +382,7 @@ public Iterator<String> engineGetCertPathEncodings() {
* from the input stream.
*
* @exception CRLException on parsing errors.
*/
*
@Override
public CRL engineGenerateCRL(InputStream is)
throws CRLException
Expand Down Expand Up @@ -406,7 +420,7 @@ public CRL engineGenerateCRL(InputStream is)
* initialized with the data from the input stream.
*
* @exception CRLException on parsing errors.
*/
*
@Override
public Collection<? extends java.security.cert.CRL> engineGenerateCRLs(
InputStream is) throws CRLException
Expand All @@ -425,30 +439,49 @@ public Collection<? extends java.security.cert.CRL> engineGenerateCRLs(
* Parses the data in the given input stream as a sequence of DER
* encoded X.509 certificates (in binary or base 64 encoded format) OR
* as a single PKCS#7 encoded blob (in binary or base64 encoded format).
*/
*
private Collection<? extends java.security.cert.Certificate>
parseX509orPKCS7Cert(InputStream is)
throws CertificateException, IOException
{
int peekByte;
byte[] data;
PushbackInputStream pbis = new PushbackInputStream(is);
Collection<X509CertImpl> coll = new ArrayList<>();
byte[] data = readOneBlock(is);
if (data == null) {
// Test the InputStream for end-of-stream. If the stream's
// initial state is already at end-of-stream then return
// an empty collection. Otherwise, push the byte back into the
// stream and let readOneBlock look for the first certificate.
peekByte = pbis.read();
if (peekByte == -1) {
return new ArrayList<>(0);
} else {
pbis.unread(peekByte);
data = readOneBlock(pbis);
}
// If we end up with a null value after reading the first block
// then we know the end-of-stream has been reached and no certificate
// data has been found.
if (data == null) {
throw new CertificateException("No certificate data found");
}
try {
PKCS7 pkcs7 = new PKCS7(data);
X509Certificate[] certs = pkcs7.getCertificates();
// certs are optional in PKCS #7
if (certs != null) {
return Arrays.asList(certs);
} else {
// no crls provided
// no certificates provided
return new ArrayList<>(0);
}
} catch (ParsingException e) {
while (data != null) {
coll.add(new X509CertImpl(data));
data = readOneBlock(is);
data = readOneBlock(pbis);
}
}
return coll;
Expand All @@ -458,16 +491,35 @@ public Collection<? extends java.security.cert.CRL> engineGenerateCRLs(
* Parses the data in the given input stream as a sequence of DER encoded
* X.509 CRLs (in binary or base 64 encoded format) OR as a single PKCS#7
* encoded blob (in binary or base 64 encoded format).
*/
*
private Collection<? extends java.security.cert.CRL>
parseX509orPKCS7CRL(InputStream is)
throws CRLException, IOException
{
int peekByte;
byte[] data;
PushbackInputStream pbis = new PushbackInputStream(is);
Collection<X509CRLImpl> coll = new ArrayList<>();
byte[] data = readOneBlock(is);
if (data == null) {
// Test the InputStream for end-of-stream. If the stream's
// initial state is already at end-of-stream then return
// an empty collection. Otherwise, push the byte back into the
// stream and let readOneBlock look for the first CRL.
peekByte = pbis.read();
if (peekByte == -1) {
return new ArrayList<>(0);
} else {
pbis.unread(peekByte);
data = readOneBlock(pbis);
}
// If we end up with a null value after reading the first block
// then we know the end-of-stream has been reached and no CRL
// data has been found.
if (data == null) {
throw new CRLException("No CRL data found");
}
try {
PKCS7 pkcs7 = new PKCS7(data);
X509CRL[] crls = pkcs7.getCRLs();
Expand All @@ -481,7 +533,7 @@ public Collection<? extends java.security.cert.CRL> engineGenerateCRLs(
} catch (ParsingException e) {
while (data != null) {
coll.add(new X509CRLImpl(data));
data = readOneBlock(is);
data = readOneBlock(pbis);
}
}
return coll;
Expand All @@ -498,7 +550,7 @@ public Collection<? extends java.security.cert.CRL> engineGenerateCRLs(
* @param is the InputStream
* @returns byte block or null if end of stream
* @throws IOException If any parsing error
*/
*
private static byte[] readOneBlock(InputStream is) throws IOException {
// The first character of a BLOCK.
Expand Down Expand Up @@ -595,8 +647,7 @@ private static byte[] readOneBlock(InputStream is) throws IOException {
checkHeaderFooter(header.toString(), footer.toString());
BASE64Decoder decoder = new BASE64Decoder();
return decoder.decodeBuffer(new String(data, 0, pos));
return Base64.getMimeDecoder().decode(new String(data, 0, pos));
}
}
Expand Down Expand Up @@ -627,7 +678,7 @@ private static void checkHeaderFooter(String header,
* @param tag Tag already read (-1 mean not read)
* @returns The current tag, used to check EOC in indefinite-length BER
* @throws IOException Any parsing error
*/
*
private static int readBERInternal(InputStream is,
ByteArrayOutputStream bout, int tag) throws IOException {
Expand Down Expand Up @@ -716,4 +767,5 @@ private static int readBERInternal(InputStream is,
}
return tag;
}
* END android-removed */
}
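Review bot: The class Javadoc above `public class X509Factory` still presents this as a certificate factory, yet on the new side the class no longer extends `CertificateFactorySpi` and every `engine*` method and parsing helper sits inside an `android-removed` block comment, so only the cache-backed interning helpers appear to stay live. A short comment at the `android-changed` marker would make that explicit, for example `// Android: parsing entry points are disabled here; only the intern/cache helpers remain in use.` The removal also works by turning each inner Javadoc terminator `*/` into a bare `*`, so a later upstream merge that restores one terminator would close the outer comment early; because this is the X.509/CRL/PKCS#7 parsing path, that convention is worth stating next to the first `BEGIN android-removed` marker so security fixes ported from upstream are applied with it in mind. `ENC_MAX_LENGTH` is left outside the removed regions and may now be unused, though its uses are not visible in these hunks.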
