1. /*

  2.  * @(#)X509CRLSelector.java	1.11 03/01/23

  3.  *

  4.  * Copyright 2003 Sun Microsystems, Inc. All rights reserved.

  5.  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

  6.  */

  7. 

  8. package java.security.cert;

  9. 

  10. import java.io.IOException;

  11. import java.math.BigInteger;

  12. import java.util.Collection;

  13. import java.util.Date;

  14. import java.util.HashSet;

  15. import java.util.Iterator;

  16. import javax.security.auth.x500.X500Principal;

  17. import sun.security.util.Debug;

  18. import sun.security.util.DerInputStream;

  19. import sun.security.x509.CRLNumberExtension;

  20. import sun.security.x509.X500Name;

  21. 

  22. /**

  23.  * A <code>CRLSelector</code> that selects <code>X509CRLs</code> that

  24.  * match all specified criteria. This class is particularly useful when

  25.  * selecting CRLs from a <code>CertStore</code> to check revocation status

  26.  * of a particular certificate.

  27.  * <p>

  28.  * When first constructed, an <code>X509CRLSelector</code> has no criteria

  29.  * enabled and each of the <code>get</code> methods return a default

  30.  * value (<code>null</code>). Therefore, the {@link #match match} method 

  31.  * would return <code>true</code> for any <code>X509CRL</code>. Typically, 

  32.  * several criteria are enabled (by calling {@link #setIssuerNames setIssuerNames} 

  33.  * or {@link #setDateAndTime setDateAndTime}, for instance) and then the

  34.  * <code>X509CRLSelector</code> is passed to

  35.  * {@link CertStore#getCRLs CertStore.getCRLs} or some similar

  36.  * method.

  37.  * <p>

  38.  * Please refer to RFC 2459 for definitions of the X.509 CRL fields and

  39.  * extensions mentioned below.

  40.  * <p>

  41.  * <b>Concurrent Access</b>

  42.  * <p>

  43.  * Unless otherwise specified, the methods defined in this class are not

  44.  * thread-safe. Multiple threads that need to access a single

  45.  * object concurrently should synchronize amongst themselves and

  46.  * provide the necessary locking. Multiple threads each manipulating

  47.  * separate objects need not synchronize.

  48.  *

  49.  * @see CRLSelector

  50.  * @see X509CRL

  51.  *

  52.  * @version 	1.11 01/23/03

  53.  * @since	1.4

  54.  * @author	Steve Hanna

  55.  */

  56. public class X509CRLSelector implements CRLSelector {

  57. 

  58.     static {

  59. 	CertPathHelperImpl.initialize();

  60.     }

  61. 

  62.     private static final Debug debug = Debug.getInstance("certpath");

  63.     private HashSet issuerNames;

  64.     private HashSet issuerX500Principals;

  65.     private BigInteger minCRL;

  66.     private BigInteger maxCRL;

  67.     private Date dateAndTime;

  68.     private X509Certificate certChecking;

  69. 

  70.     /**

  71.      * Creates an <code>X509CRLSelector</code>. Initially, no criteria are set

  72.      * so any <code>X509CRL</code> will match.

  73.      */

  74.     public X509CRLSelector() {}

  75. 

  76.     /**

  77.      * Sets the issuerNames criterion. The issuer distinguished name in the

  78.      * <code>X509CRL</code> must match at least one of the specified

  79.      * distinguished names. If <code>null</code>, any issuer distinguished name

  80.      * will do.

  81.      * <p>

  82.      * This method allows the caller to specify, with a single method call,

  83.      * the complete set of issuer names which <code>X509CRLs</code> may contain.

  84.      * The specified value replaces the previous value for the issuerNames

  85.      * criterion.

  86.      * <p>

  87.      * The <code>names</code> parameter (if not <code>null</code>) is a

  88.      * <code>Collection</code> of names. Each name is a <code>String</code>

  89.      * or a byte array representing a distinguished name (in RFC 2253 or

  90.      * ASN.1 DER encoded form, respectively). If <code>null</code> is supplied

  91.      * as the value for this argument, no issuerNames check will be performed.

  92.      * <p>

  93.      * Note that the <code>names</code> parameter can contain duplicate

  94.      * distinguished names, but they may be removed from the 

  95.      * <code>Collection</code> of names returned by the

  96.      * {@link #getIssuerNames getIssuerNames} method.

  97.      * <p>

  98.      * If a name is specified as a byte array, it should contain a single DER

  99.      * encoded distinguished name, as defined in X.501. The ASN.1 notation for

  100.      * this structure is as follows.

  101.      * <pre><code>

  102.      * Name ::= CHOICE {

  103.      *   RDNSequence }

  104.      *

  105.      * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

  106.      *

  107.      * RelativeDistinguishedName ::=

  108.      *   SET SIZE (1 .. MAX) OF AttributeTypeAndValue

  109.      *

  110.      * AttributeTypeAndValue ::= SEQUENCE {

  111.      *   type     AttributeType,

  112.      *   value    AttributeValue }

  113.      *

  114.      * AttributeType ::= OBJECT IDENTIFIER

  115.      *

  116.      * AttributeValue ::= ANY DEFINED BY AttributeType

  117.      * ....

  118.      * DirectoryString ::= CHOICE {

  119.      *       teletexString           TeletexString (SIZE (1..MAX)),

  120.      *       printableString         PrintableString (SIZE (1..MAX)),

  121.      *       universalString         UniversalString (SIZE (1..MAX)),

  122.      *       utf8String              UTF8String (SIZE (1.. MAX)),

  123.      *       bmpString               BMPString (SIZE (1..MAX)) }

  124.      * </code></pre>

  125.      * <p>

  126.      * Note that a deep copy is performed on the <code>Collection</code> to

  127.      * protect against subsequent modifications.

  128.      *

  129.      * @param names a <code>Collection</code> of names (or <code>null</code>)

  130.      * @throws IOException if a parsing error occurs

  131.      * @see #getIssuerNames

  132.      */

  133.     public void setIssuerNames(Collection names) throws IOException {

  134.         if (names == null || names.size() == 0) {

  135.             issuerNames = null;

  136.             issuerX500Principals = null;

  137.         } else {

  138.             HashSet tempNames = cloneAndCheckIssuerNames(names);

  139.             // Ensure that we either set both of these or neither

  140.             issuerX500Principals = parseIssuerNames(tempNames);

  141.             issuerNames = tempNames;

  142.         }

  143.     }

  144. 

  145.     /**

  146.      * Adds a name to the issuerNames criterion. The issuer distinguished

  147.      * name in the <code>X509CRL</code> must match at least one of the specified

  148.      * distinguished names.

  149.      * <p>

  150.      * This method allows the caller to add a name to the set of issuer names

  151.      * which <code>X509CRLs</code> may contain. The specified name is added to

  152.      * any previous value for the issuerNames criterion.

  153.      * If the specified name is a duplicate, it may be ignored.

  154.      *

  155.      * @param name the name in RFC 2253 form

  156.      * @throws IOException if a parsing error occurs

  157.      */

  158.     public void addIssuerName(String name) throws IOException {

  159.         addIssuerNameInternal(name, new X500Name(name, "RFC2253").asX500Principal());

  160.     }

  161. 

  162.     /**

  163.      * Adds a name to the issuerNames criterion. The issuer distinguished

  164.      * name in the <code>X509CRL</code> must match at least one of the specified

  165.      * distinguished names.

  166.      * <p>

  167.      * This method allows the caller to add a name to the set of issuer names

  168.      * which <code>X509CRLs</code> may contain. The specified name is added to

  169.      * any previous value for the issuerNames criterion. If the specified name

  170.      * is a duplicate, it may be ignored.

  171.      * If a name is specified as a byte array, it should contain a single DER

  172.      * encoded distinguished name, as defined in X.501. The ASN.1 notation for

  173.      * this structure is as follows.

  174.      * <p>

  175.      * The name is provided as a byte array. This byte array should contain

  176.      * a single DER encoded distinguished name, as defined in X.501. The ASN.1

  177.      * notation for this structure appears in the documentation for

  178.      * {@link #setIssuerNames setIssuerNames(Collection names)}.

  179.      * <p>

  180.      * Note that the byte array supplied here is cloned to protect against

  181.      * subsequent modifications.

  182.      *

  183.      * @param name a byte array containing the name in ASN.1 DER encoded form

  184.      * @throws IOException if a parsing error occurs

  185.      */

  186.     public void addIssuerName(byte [] name) throws IOException {

  187.         // clone because byte arrays are modifiable

  188.         addIssuerNameInternal(name.clone(), new X500Name(name).asX500Principal());

  189.     }

  190.     

  191.     // called from CertPathHelper, to be made public in a future release

  192.     void addIssuer(X500Principal issuer) {

  193. 	addIssuerNameInternal(issuer.getName(), issuer);

  194.     }

  195.     

  196.     // called from CertPathHelper

  197.     Collection getIssuers() {

  198. 	return issuerX500Principals;

  199.     }

  200. 

  201.     /**

  202.      * A private method that adds a name (String or byte array) to the

  203.      * issuerNames criterion. The issuer distinguished

  204.      * name in the <code>X509CRL</code> must match at least one of the specified

  205.      * distinguished names.

  206.      *

  207.      * @param name the name in string or byte array form

  208.      * @param principal the name in X500Principal form

  209.      * @throws IOException if a parsing error occurs

  210.      */

  211.     private void addIssuerNameInternal(Object name, X500Principal principal) {

  212.         if (issuerNames == null) {

  213.             issuerNames = new HashSet();

  214. 	}

  215.         if (issuerX500Principals == null) {

  216.             issuerX500Principals = new HashSet();

  217. 	}

  218.         issuerNames.add(name);

  219.         issuerX500Principals.add(principal);

  220.     }

  221. 

  222.     /**

  223.      * Clone and check an argument of the form passed to

  224.      * setIssuerNames. Throw an IOException if the argument is malformed.

  225.      *

  226.      * @param names a <code>Collection</code> of names. Each entry is a

  227.      *              String or a byte array (the name, in string or ASN.1

  228.      *              DER encoded form, respectively). <code>null</code> is

  229.      *              not an acceptable value.

  230.      * @return a deep copy of the specified <code>Collection</code>

  231.      * @throws IOException if a parsing error occurs

  232.      */

  233.     private static HashSet cloneAndCheckIssuerNames(Collection names)

  234.         throws IOException 

  235.     {

  236.         HashSet namesCopy = new HashSet();

  237.         Iterator i = names.iterator();

  238.         while (i.hasNext()) {

  239.             Object nameObject = i.next();

  240.             if (!(nameObject instanceof byte []) &&

  241. 	        !(nameObject instanceof String))

  242. 	        throw new IOException("name not byte array or String");

  243.             if (nameObject instanceof byte [])

  244. 	        namesCopy.add(((byte []) nameObject).clone());

  245.             else

  246. 	        namesCopy.add(nameObject);

  247.         }

  248.         return(namesCopy);

  249.     }

  250. 

  251.     /**

  252.      * Clone an argument of the form passed to setIssuerNames.

  253.      * Throw a RuntimeException if the argument is malformed.

  254.      * <p>

  255.      * This method wraps cloneAndCheckIssuerNames, changing any IOException 

  256.      * into a RuntimeException. This method should be used when the object being

  257.      * cloned has already been checked, so there should never be any exceptions.

  258.      *

  259.      * @param names a <code>Collection</code> of names. Each entry is a

  260.      *              String or a byte array (the name, in string or ASN.1

  261.      *              DER encoded form, respectively). <code>null</code> is

  262.      *              not an acceptable value.

  263.      * @return a deep copy of the specified <code>Collection</code>

  264.      * @throws RuntimeException if a parsing error occurs

  265.      */

  266.     private static HashSet cloneIssuerNames(Collection names) {

  267.         try {

  268.             return cloneAndCheckIssuerNames(names);

  269.         } catch (IOException ioe) {

  270. 	    throw new RuntimeException(ioe);

  271.         }

  272.     }

  273. 

  274.     /**

  275.      * Parse an argument of the form passed to setIssuerNames,

  276.      * returning a Collection of issuerX500Principals.

  277.      * Throw an IOException if the argument is malformed.

  278.      *

  279.      * @param names a <code>Collection</code> of names. Each entry is a

  280.      *              String or a byte array (the name, in string or ASN.1

  281.      *              DER encoded form, respectively). <Code>Null</Code> is

  282.      *              not an acceptable value.

  283.      * @return a HashSet of issuerX500Principals

  284.      * @throws IOException if a parsing error occurs

  285.      */

  286.     private static HashSet parseIssuerNames(Collection names) 

  287.     throws IOException {

  288.         HashSet x500Principals = new HashSet();

  289. 	for (Iterator t = names.iterator(); t.hasNext(); ) {

  290. 	    Object nameObject = t.next();

  291. 	    if (nameObject instanceof String) {

  292. 		x500Principals.add(new X500Name((String)nameObject, "RFC2253").asX500Principal());

  293. 	    } else {

  294. 		try {

  295. 		    x500Principals.add(new X500Principal((byte[])nameObject));

  296. 		} catch (IllegalArgumentException e) {

  297. 		    throw (IOException)new IOException("Invalid name").initCause(e);

  298. 		}

  299. 	    }

  300. 	}

  301.         return x500Principals;

  302.     }

  303. 

  304.     /**

  305.      * Sets the minCRLNumber criterion. The <code>X509CRL</code> must have a

  306.      * CRL number extension whose value is greater than or equal to the

  307.      * specified value. If <code>null</code>, no minCRLNumber check will be 

  308.      * done.

  309.      *

  310.      * @param minCRL the minimum CRL number accepted (or <code>null</code>)

  311.      */

  312.     public void setMinCRLNumber(BigInteger minCRL) {

  313.         this.minCRL = minCRL;

  314.     }

  315. 

  316.     /**

  317.      * Sets the maxCRLNumber criterion. The <code>X509CRL</code> must have a

  318.      * CRL number extension whose value is less than or equal to the

  319.      * specified value. If <code>null</code>, no maxCRLNumber check will be 

  320.      * done.

  321.      *

  322.      * @param maxCRL the maximum CRL number accepted (or <code>null</code>)

  323.      */

  324.     public void setMaxCRLNumber(BigInteger maxCRL) {

  325.         this.maxCRL = maxCRL;

  326.     }

  327. 

  328.     /**

  329.      * Sets the dateAndTime criterion. The specified date must be

  330.      * equal to or later than the value of the thisUpdate component

  331.      * of the <code>X509CRL</code> and earlier than the value of the

  332.      * nextUpdate component. There is no match if the <code>X509CRL</code>

  333.      * does not contain a nextUpdate component.

  334.      * If <code>null</code>, no dateAndTime check will be done.

  335.      * <p>

  336.      * Note that the <code>Date</code> supplied here is cloned to protect 

  337.      * against subsequent modifications.

  338.      *

  339.      * @param dateAndTime the <code>Date</code> to match against

  340.      *                    (or <code>null</code>)

  341.      * @see #getDateAndTime

  342.      */

  343.     public void setDateAndTime(Date dateAndTime) {

  344.         if (dateAndTime == null)

  345.             this.dateAndTime = null;

  346.         else

  347.             this.dateAndTime = (Date) dateAndTime.clone();

  348.     }

  349. 

  350.     /**

  351.      * Sets the certificate being checked. This is not a criterion. Rather,

  352.      * it is optional information that may help a <code>CertStore</code>

  353.      * find CRLs that would be relevant when checking revocation for the

  354.      * specified certificate. If <code>null</code> is specified, then no

  355.      * such optional information is provided.

  356.      *

  357.      * @param cert the <code>X509Certificate</code> being checked

  358.      *             (or <code>null</code>)

  359.      * @see #getCertificateChecking

  360.      */

  361.     public void setCertificateChecking(X509Certificate cert) {

  362.         certChecking = cert;

  363.     }

  364. 

  365.     /**

  366.      * Returns a copy of the issuerNames criterion. The issuer distinguished

  367.      * name in the <code>X509CRL</code> must match at least one of the specified

  368.      * distinguished names. If the value returned is <code>null</code>, any

  369.      * issuer distinguished name will do.

  370.      * <p>

  371.      * If the value returned is not <code>null</code>, it is a

  372.      * <code>Collection</code> of names. Each name is a <code>String</code>

  373.      * or a byte array representing a distinguished name (in RFC 2253 or

  374.      * ASN.1 DER encoded form, respectively).  Note that the 

  375.      * <code>Collection</code> returned may contain duplicate names.

  376.      * <p>

  377.      * If a name is specified as a byte array, it should contain a single DER

  378.      * encoded distinguished name, as defined in X.501. The ASN.1 notation for

  379.      * this structure is given in the documentation for

  380.      * {@link #setIssuerNames setIssuerNames(Collection names)}.

  381.      * <p>

  382.      * Note that a deep copy is performed on the <code>Collection</code> to

  383.      * protect against subsequent modifications.

  384.      *

  385.      * @return a <code>Collection</code> of names (or <code>null</code>)

  386.      * @see #setIssuerNames

  387.      */

  388.     public Collection getIssuerNames() {

  389.         if (issuerNames == null)

  390.             return null;

  391.         return(cloneIssuerNames(issuerNames));

  392.     }

  393. 

  394.     /**

  395.      * Returns the minCRLNumber criterion. The <code>X509CRL</code> must have a

  396.      * CRL number extension whose value is greater than or equal to the

  397.      * specified value. If <code>null</code>, no minCRLNumber check will be done.

  398.      *

  399.      * @return the minimum CRL number accepted (or <code>null</code>)

  400.      */

  401.     public BigInteger getMinCRL() {

  402.         return minCRL;

  403.     }

  404. 

  405.     /**

  406.      * Returns the maxCRLNumber criterion. The <code>X509CRL</code> must have a

  407.      * CRL number extension whose value is less than or equal to the

  408.      * specified value. If <code>null</code>, no maxCRLNumber check will be 

  409.      * done.

  410.      *

  411.      * @return the maximum CRL number accepted (or <code>null</code>)

  412.      */

  413.     public BigInteger getMaxCRL() {

  414.         return maxCRL;

  415.     }

  416. 

  417.     /**

  418.      * Returns the dateAndTime criterion. The specified date must be

  419.      * equal to or later than the value of the thisUpdate component

  420.      * of the <code>X509CRL</code> and earlier than the value of the

  421.      * nextUpdate component. There is no match if the

  422.      * <code>X509CRL</code> does not contain a nextUpdate component.

  423.      * If <code>null</code>, no dateAndTime check will be done.

  424.      * <p>

  425.      * Note that the <code>Date</code> returned is cloned to protect against

  426.      * subsequent modifications.

  427.      *

  428.      * @return the <code>Date</code> to match against (or <code>null</code>)

  429.      * @see #setDateAndTime

  430.      */

  431.     public Date getDateAndTime() {

  432.         if (dateAndTime == null)

  433.             return null;

  434.         return (Date) dateAndTime.clone();

  435.     }

  436. 

  437.     /**

  438.      * Returns the certificate being checked. This is not a criterion. Rather,

  439.      * it is optional information that may help a <code>CertStore</code>

  440.      * find CRLs that would be relevant when checking revocation for the

  441.      * specified certificate. If the value returned is <code>null</code>, then 

  442.      * no such optional information is provided.

  443.      *

  444.      * @return the certificate being checked (or <code>null</code>)

  445.      * @see #setCertificateChecking

  446.      */

  447.     public X509Certificate getCertificateChecking() {

  448.         return certChecking;

  449.     }

  450. 

  451.     /**

  452.      * Returns a printable representation of the <code>X509CRLSelector</code>.

  453.      *

  454.      * @return a <code>String</code> describing the contents of the

  455.      *         <code>X509CRLSelector</code>.

  456.      */

  457.     public String toString() {

  458.         StringBuffer sb = new StringBuffer();

  459.         sb.append("X509CRLSelector: [\n");

  460.         if (issuerNames != null) {

  461.             sb.append("  IssuerNames:\n");

  462.             Iterator i = issuerNames.iterator();

  463.             while (i.hasNext())

  464. 	        sb.append("    " + i.next() + "\n");

  465.         }

  466.         if (minCRL != null)

  467.             sb.append("  minCRLNumber: " + minCRL + "\n");

  468.         if (maxCRL != null)

  469.             sb.append("  maxCRLNumber: " + maxCRL + "\n");

  470.         if (dateAndTime != null)

  471.             sb.append("  dateAndTime: " + dateAndTime + "\n");

  472.         if (certChecking != null)

  473.             sb.append("  Certificate being checked: " + certChecking + "\n");

  474.         sb.append("]");

  475.         return sb.toString();

  476.     }

  477. 

  478.     /**

  479.      * Decides whether a <code>CRL</code> should be selected.

  480.      *

  481.      * @param crl the <code>CRL</code> to be checked

  482.      * @return <code>true</code> if the <code>CRL</code> should be selected,

  483.      *         <code>false</code> otherwise

  484.      */

  485.     public boolean match(CRL crl) {

  486.         if (!(crl instanceof X509CRL)) {

  487.             return false;

  488. 	}

  489.         X509CRL xcrl = (X509CRL)crl;

  490. 

  491.         /* match on issuer name */

  492.         if (issuerNames != null) {

  493.             X500Principal issuer = xcrl.getIssuerX500Principal();

  494.             Iterator i = issuerX500Principals.iterator();

  495.             boolean found = false;

  496.             while (!found && i.hasNext()) {

  497. 	        if (i.next().equals(issuer)) {

  498. 	            found = true;

  499. 		}

  500. 	    }

  501.             if (!found) {

  502. 	        if (debug != null) {

  503. 	    	    debug.println("X509CRLSelector.match: issuer DNs "

  504. 			+ "don't match");

  505. 		}

  506. 	        return false;

  507.             }

  508.         }

  509. 	

  510. 	if ((minCRL != null) || (maxCRL != null)) {

  511. 	    /* Get CRL number extension from CRL */

  512. 	    byte[] crlNumExtVal = xcrl.getExtensionValue("2.5.29.20");

  513. 	    if (crlNumExtVal == null) {

  514. 		if (debug != null) {

  515. 		    debug.println("X509CRLSelector.match: no CRLNumber");

  516. 		}

  517. 	    }

  518. 	    BigInteger crlNum;

  519. 	    try {

  520. 		DerInputStream in = new DerInputStream(crlNumExtVal);

  521. 		byte[] encoded = in.getOctetString();

  522. 		CRLNumberExtension crlNumExt = 

  523. 		    new CRLNumberExtension(Boolean.FALSE, encoded);

  524. 		crlNum = (BigInteger)crlNumExt.get(CRLNumberExtension.NUMBER);

  525. 	    } catch (IOException ex) {

  526. 		if (debug != null) {

  527. 		    debug.println("X509CRLSelector.match: exception in "

  528. 			+ "decoding CRL number");

  529. 		}

  530. 		return false;

  531. 	    }

  532.     

  533. 	    /* match on minCRLNumber */

  534. 	    if (minCRL != null) {

  535. 		if (crlNum.compareTo(minCRL) < 0) {

  536. 		    if (debug != null) {

  537. 			debug.println("X509CRLSelector.match: CRLNumber too small");

  538. 		    }

  539. 		    return false;

  540. 		}

  541. 	    }

  542. 

  543. 	    /* match on maxCRLNumber */

  544. 	    if (maxCRL != null) {

  545. 		if (crlNum.compareTo(maxCRL) > 0) {

  546. 		    if (debug != null) {

  547. 			debug.println("X509CRLSelector.match: CRLNumber too large");

  548. 		    }

  549. 		    return false;

  550. 		}

  551. 	    }

  552. 	}

  553. 

  554. 

  555.         /* match on dateAndTime */

  556.         if (dateAndTime != null) {

  557. 	    Date crlThisUpdate = xcrl.getThisUpdate();

  558.             Date nextUpdate = xcrl.getNextUpdate();

  559.             if (nextUpdate == null) {

  560. 	        if (debug != null) {

  561. 		    debug.println("X509CRLSelector.match: nextUpdate null");

  562. 		}

  563. 	        return false;

  564.             }

  565.             if (crlThisUpdate.after(dateAndTime) 

  566. 	          || nextUpdate.before(dateAndTime)) {

  567. 	        if (debug != null) {

  568. 		    debug.println("X509CRLSelector.match: update out of range");

  569. 		}

  570. 	        return false;

  571.             }

  572.         }

  573. 

  574.         return true;

  575.     }

  576. 

  577.     /**

  578.      * Returns a copy of this object.

  579.      *

  580.      * @return the copy

  581.      */

  582.     public Object clone() {

  583.         try {

  584.             Object copy = super.clone();

  585.             if (issuerNames != null) {

  586.                 issuerNames = new HashSet(issuerNames);

  587.                 issuerX500Principals = new HashSet(issuerX500Principals);

  588.             }

  589.             return copy;

  590.         } catch (CloneNotSupportedException e) {

  591.             /* Cannot happen */

  592.             throw new InternalError(e.toString());

  593.         }

  594.     }

  595. }