0N/A/*
0N/A * reserved comment block
0N/A * DO NOT REMOVE OR ALTER!
0N/A */
0N/A/*
0N/A * Copyright 1999-2004 The Apache Software Foundation.
0N/A *
0N/A * Licensed under the Apache License, Version 2.0 (the "License");
0N/A * you may not use this file except in compliance with the License.
0N/A * You may obtain a copy of the License at
0N/A *
0N/A * http://www.apache.org/licenses/LICENSE-2.0
0N/A *
0N/A * Unless required by applicable law or agreed to in writing, software
0N/A * distributed under the License is distributed on an "AS IS" BASIS,
0N/A * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
0N/A * See the License for the specific language governing permissions and
0N/A * limitations under the License.
0N/A *
0N/A */
0N/Apackage com.sun.org.apache.xml.internal.security.keys.content.x509;
0N/A
0N/Aimport java.io.IOException;
0N/Aimport java.io.ByteArrayInputStream;
0N/Aimport java.io.InputStream;
0N/Aimport java.security.cert.X509Certificate;
0N/Aimport java.lang.reflect.Constructor;
0N/Aimport java.lang.reflect.Method;
0N/A
0N/Aimport com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
0N/Aimport com.sun.org.apache.xml.internal.security.utils.Base64;
0N/Aimport com.sun.org.apache.xml.internal.security.utils.Constants;
0N/Aimport com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
0N/Aimport org.w3c.dom.Document;
0N/Aimport org.w3c.dom.Element;
0N/A
0N/A/**
0N/A * Handles SubjectKeyIdentifier (SKI) for X.509v3.
0N/A *
661N/A * @author $Author: mullan $
661N/A * @see <A HREF="http://java.sun.com/j2se/1.5.0/docs/api/java/security/cert/X509Extension.html">Interface X509Extension</A>
0N/A */
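public class XMLX509SKI extends SignatureElementProxy
        implements XMLX509DataContent {

    /** {@link java.util.logging} logging facility */
    static java.util.logging.Logger log =
        java.util.logging.Logger.getLogger(XMLX509SKI.class.getName());

    /** DER identifier octet of an ASN.1 OCTET STRING (universal tag 4). */
    private static final byte DER_TAG_OCTET_STRING = 0x04;

    /**
     * <CODE>SubjectKeyIdentifier (id-ce-subjectKeyIdentifier) (2.5.29.14)</CODE>:
     * This extension identifies the public key being certified. It enables
     * distinct keys used by the same subject to be differentiated
     * (e.g., as key updating occurs).
     * <BR />
     * A key identifier shall be unique with respect to all key identifiers
     * for the subject with which it is used. This extension is always non-critical.
     */
    public static final String SKI_OID = "2.5.29.14";

    /**
     * Creates an {@code X509SKI} element in {@code doc} whose text child is
     * the Base64 encoding of {@code skiBytes}.
     *
     * @param doc the owner document of the new element
     * @param skiBytes the raw SubjectKeyIdentifier octets (not Base64)
     */
    public XMLX509SKI(Document doc, byte[] skiBytes) {
        super(doc);
        this.addBase64Text(skiBytes);
    }

    /**
     * Creates an {@code X509SKI} element in {@code doc} carrying the
     * SubjectKeyIdentifier extracted from {@code x509certificate}.
     *
     * @param doc the owner document of the new element
     * @param x509certificate an X.509v3 certificate carrying the SKI extension
     * @throws XMLSecurityException if the certificate is not v3, has no SKI
     *         extension, or its SKI extension value is not a well-formed
     *         DER OCTET STRING (see {@link #getSKIBytesFromCert(X509Certificate)})
     */
    public XMLX509SKI(Document doc, X509Certificate x509certificate)
            throws XMLSecurityException {
        super(doc);
        this.addBase64Text(XMLX509SKI.getSKIBytesFromCert(x509certificate));
    }

    /**
     * Wraps an existing {@code X509SKI} element.
     *
     * @param element the existing element
     * @param BaseURI the base URI used to resolve relative references
     * @throws XMLSecurityException if the element cannot be wrapped
     */
    public XMLX509SKI(Element element, String BaseURI)
            throws XMLSecurityException {
        super(element, BaseURI);
    }

    /**
     * Returns the SubjectKeyIdentifier octets held by this element, i.e. the
     * Base64-decoded text child.
     *
     * @return the decoded SKI bytes
     * @throws XMLSecurityException if the text child cannot be decoded
     */
    public byte[] getSKIBytes() throws XMLSecurityException {
        return this.getBytesFromTextChild();
    }

    /**
     * Extracts the SubjectKeyIdentifier octets from a certificate.
     * <p>
     * {@link X509Certificate#getExtensionValue(String)} returns the DER-encoded
     * {@code extnValue} OCTET STRING; for this extension its content is in turn
     * the DER-encoded {@code KeyIdentifier} OCTET STRING. Both layers are
     * unwrapped with their tag and length octets validated, so a truncated or
     * malformed extension value is reported as an {@link XMLSecurityException}
     * instead of surfacing as an unchecked array exception.
     *
     * @param cert the certificate to read the extension from
     * @return the SKI bytes from the given certificate
     * @throws XMLSecurityException if the certificate version is below 3
     *         ({@code certificate.noSki.lowVersion}), or the extension is absent
     *         or not a well-formed nested OCTET STRING ({@code certificate.noSki.null})
     * @see java.security.cert.X509Extension#getExtensionValue(java.lang.String)
     */
    public static byte[] getSKIBytesFromCert(X509Certificate cert)
            throws XMLSecurityException {

        // The SKI extension only exists in X.509v3 certificates.
        if (cert.getVersion() < 3) {
            Object[] exArgs = { Integer.valueOf(cert.getVersion()) };
            throw new XMLSecurityException("certificate.noSki.lowVersion",
                                           exArgs);
        }

        /*
         * Gets the DER-encoded OCTET string for the extension value
         * (extnValue) identified by the passed-in oid String. The oid
         * string is represented by a set of positive whole numbers
         * separated by periods.
         */
        byte[] extensionValue = cert.getExtensionValue(XMLX509SKI.SKI_OID);
        if (extensionValue == null) {
            throw new XMLSecurityException("certificate.noSki.null");
        }

        // Outer layer: extnValue OCTET STRING. Inner layer: KeyIdentifier
        // OCTET STRING. Validating the encoding rather than skipping a fixed
        // four bytes also handles long-form lengths and rejects short input.
        byte[] skidValue = unwrapOctetString(unwrapOctetString(extensionValue));

        // The SKI is derived from the public key, so logging it discloses nothing secret.
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "Base64 of SKI is " + Base64.encode(skidValue));
        }

        return skidValue;
    }

    /**
     * Unwraps a single DER OCTET STRING that must span exactly {@code der}
     * and returns a copy of its contents.
     * <p>
     * Accepts short-form lengths and definite long-form lengths of up to
     * three octets (more than enough for any certificate extension); the
     * indefinite form is not valid DER and is rejected. The encoded length
     * must match the remaining input exactly, as DER permits no trailing data.
     *
     * @param der a complete DER TLV expected to be an OCTET STRING
     * @return the content octets of the OCTET STRING
     * @throws XMLSecurityException ({@code certificate.noSki.null}) if the tag
     *         is not OCTET STRING or the length octets do not describe {@code der}
     */
    private static byte[] unwrapOctetString(byte[] der)
            throws XMLSecurityException {
        // Need at least an identifier octet and one length octet.
        if (der.length < 2 || der[0] != DER_TAG_OCTET_STRING) {
            throw new XMLSecurityException("certificate.noSki.null");
        }

        int firstLengthOctet = der[1] & 0xFF;
        int contentOffset;
        int contentLength;
        if (firstLengthOctet < 0x80) {
            // Short form: the octet is the length itself.
            contentOffset = 2;
            contentLength = firstLengthOctet;
        } else {
            // Long form: low 7 bits give the number of subsequent length octets.
            int numLengthOctets = firstLengthOctet & 0x7F;
            // 0 would be the indefinite form (BER only); > 3 cannot be a sane
            // extension value and could overflow the int below.
            if (numLengthOctets == 0 || numLengthOctets > 3
                    || der.length < 2 + numLengthOctets) {
                throw new XMLSecurityException("certificate.noSki.null");
            }
            contentLength = 0;
            for (int i = 0; i < numLengthOctets; i++) {
                contentLength = (contentLength << 8) | (der[2 + i] & 0xFF);
            }
            contentOffset = 2 + numLengthOctets;
        }

        // DER is canonical: the TLV must consume the whole input, no more, no less.
        if (contentOffset + contentLength != der.length) {
            throw new XMLSecurityException("certificate.noSki.null");
        }

        byte[] content = new byte[contentLength];
        System.arraycopy(der, contentOffset, content, 0, contentLength);
        return content;
    }

    /**
     * Two {@code XMLX509SKI} instances are equal when they are of the same
     * class and hold the same SKI bytes; the comparison uses
     * {@link java.security.MessageDigest#isEqual(byte[], byte[])} so its
     * timing does not depend on where the byte arrays first differ.
     * An instance whose SKI cannot be decoded is equal to nothing.
     *
     * @param obj the object to compare with
     * @return {@code true} if {@code obj} carries the same SKI
     */
    @Override
    public boolean equals(Object obj) {
        if (obj == null) {
            return false;
        }
        if (!this.getClass().getName().equals(obj.getClass().getName())) {
            return false;
        }

        XMLX509SKI other = (XMLX509SKI) obj;

        try {
            return java.security.MessageDigest.isEqual(other.getSKIBytes(),
                                                       this.getSKIBytes());
        } catch (XMLSecurityException ex) {
            // An undecodable SKI compares unequal to everything, matching the
            // "no usable identifier" semantics of getSKIBytes().
            return false;
        }
    }

    /**
     * Hash code consistent with {@link #equals(Object)}: derived from the SKI
     * bytes, so two equal instances hash alike. Note that the value follows
     * the element's current text child and changes if that text is modified.
     *
     * @return a hash of the SKI bytes, or {@code 0} if they cannot be decoded
     */
    @Override
    public int hashCode() {
        try {
            return java.util.Arrays.hashCode(this.getSKIBytes());
        } catch (XMLSecurityException ex) {
            // equals() never reports an undecodable SKI as equal, so any
            // constant keeps the equals/hashCode contract.
            return 0;
        }
    }

    /**
     * Local name of the element this proxy represents ({@code X509SKI}).
     *
     * @return {@link Constants#_TAG_X509SKI}
     */
    /** @inheritDoc */
    public String getBaseLocalName() {
        return Constants._TAG_X509SKI;
    }
}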